My Hijack This Log URGENT HELP! [RESOLVED]


  • This topic is locked

#1
Sgt. Webster

    New Member

  • Member
  • 5 posts
Here is my Hijack This Log file -

Logfile of HijackThis v1.99.1
Scan saved at 10:53:35 AM, on 1/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Computer FIX ER\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{36D6EDC9-DAAD-4F04-90E8-51850F057B65}: NameServer = 85.255.116.164,85.255.112.194
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF95F7CD-C567-404E-999E-0A34F716D558}: NameServer = 85.255.116.164,85.255.112.194
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA76320-97FD-40E3-994B-A815A7B5C5AD}: NameServer = 85.255.116.164,85.255.112.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{36D6EDC9-DAAD-4F04-90E8-51850F057B65}: NameServer = 85.255.116.164,85.255.112.194
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0


#2
Sgt. Webster

    New Member

  • Topic Starter
  • Member
  • 5 posts
I also have Silent Runners which displayed these results with things that most concern me in bold -

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [file not found]
"PhotoShow Deluxe Media Manager" = "C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" ["Simple Star, Inc."]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"StorageGuard" = ""C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r" [file not found]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"Reminder" = ""C:\Windows\Creator\Remind_XP.exe"" [empty string]
"nwiz" = "nwiz.exe /installquiet /keeploaded" ["NVIDIA Corporation"]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [file not found]
"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
"LXSUPMON" = "C:\WINDOWS\System32\LXSUPMON.EXE RUN" ["Lexmark International Inc."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Default" = (no data)
"Norton Ghost 9.0" = "C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" ["Symantec Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [file not found]
"yaemu.exe" = "C:\WINDOWS\System32\yaemu.exe" [file not found]
"dmdoz.exe" = "C:\WINDOWS\System32\dmdoz.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"Flags" = 80 [file not found]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csdcd.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]



Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\


Startup items in "Owner" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Registration Brothers In Arms EiB Demo" -> shortcut to: "C:\Documents and Settings\Owner\Desktop\Brothers in Arms Earned in Blood DEMO PC\Support\Register\RegistrationReminder.exe -d 802407 -l english -r 7 -g Brothers In Arms EiB Demo -c united -i " [file not found]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Quicken Scheduled Updates" -> shortcut to: "C:\Program Files\Quicken\bagent.exe" ["Intuit Inc."]


Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"" ["Autodesk"]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]
DCPFLICS, DCPFLICS, "C:\Program Files\DCPFLICS\DCPFLICS.exe" [null data]
InCD Helper (read only), InCDsrvR, "C:\Program Files\Ahead\InCD\InCDsrv.exe -r" ["Ahead Software AG"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
  • 0

#3
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
Sgt. Webster,

Welcome to Geeks to Go - I apologize for the wait, but all the helpers have been quite busy. I'm reviewing your log now and will be posting shortly.

sari
  • 0

#4
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
Sgt. Webster

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://swandog46.gee.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{36D6EDC9-DAAD-4F04-90E8-51850F057B65}: NameServer = 85.255.116.164,85.255.112.194
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF95F7CD-C567-404E-999E-0A34F716D558}: NameServer = 85.255.116.164,85.255.112.194
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA76320-97FD-40E3-994B-A815A7B5C5AD}: NameServer = 85.255.116.164,85.255.112.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{36D6EDC9-DAAD-4F04-90E8-51850F057B65}: NameServer = 85.255.116.164,85.255.112.194


Click FIX CHECKED. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Reboot into safe mode, by tapping F8 repeatedly as your system boots. It will come up with a menu of options - choose safe mode.

Make sure you can find hidden files and folders:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Delete the following 2 files:

C:\WINDOWS\system32\winmgd.win
C:\WINDOWS\system32\mouse_configurator.win

Reboot into normal mode again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic.

Edited by sari, 03 February 2006 - 12:52 PM.

  • 0
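
The check sari asks for by hand above (tick the F0, F1, O7 and O17 lines, fix, then re-scan), as an added example that is not part of the original thread: a Python parser that pulls the section-coded lines out of a HijackThis log, marks those four patterns for review, and confirms that a later scan no longer reports them. The function names and review rules are this example's own assumptions; the sample logs are excerpts from the logs posted in this thread.

```python
import ipaddress
import re

# HijackThis writes each finding as "<section code> - <detail>", e.g. "O17 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, detail) for every section-coded line; the header and the
    running-process list carry no code prefix and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_reason(code, detail):
    """Return why an entry deserves a manual look, or None.
    These rules are this example's heuristics, not HijackThis behaviour."""
    if code == "F0":
        m = re.search(r"Shell=(.*)$", detail, re.IGNORECASE)
        if m:
            extra = re.sub(r"^explorer\.exe", "", m.group(1).strip(),
                           flags=re.IGNORECASE).strip()
            if extra:
                return "Shell= starts something besides Explorer.exe: " + extra
    elif code == "F1":
        m = re.search(r"\b(run|load)=(.+)$", detail, re.IGNORECASE)
        if m and m.group(2).strip():
            return "win.ini " + m.group(1).lower() + "= autostart: " + m.group(2).strip()
    elif code == "O7":
        if re.search(r"DisableRegedit\s*=\s*1", detail, re.IGNORECASE):
            return "policy blocks the registry editor"
    elif code == "O17":
        m = re.search(r"NameServer\s*=\s*(.+)$", detail, re.IGNORECASE)
        if m:
            public = []
            for token in re.split(r"[,\s]+", m.group(1).strip()):
                try:
                    if not ipaddress.ip_address(token).is_private:
                        public.append(token)
                except ValueError:
                    continue  # not an IP literal, nothing to classify
            if public:
                return "static resolver outside private ranges: " + ", ".join(public)
    return None


def flag_entries(log_text):
    """Return (code, detail, reason) for every entry a rule matched."""
    flagged = []
    for code, detail in parse_entries(log_text):
        reason = review_reason(code, detail)
        if reason:
            flagged.append((code, detail, reason))
    return flagged


def still_present(before_text, after_text):
    """Entries flagged in the first scan that a later scan still reports."""
    after = set(parse_entries(after_text))
    return [(c, d) for c, d, _ in flag_entries(before_text) if (c, d) in after]


# Excerpt of the first log in this thread (1/27/2006 scan).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{36D6EDC9-DAAD-4F04-90E8-51850F057B65}: NameServer = 85.255.116.164,85.255.112.194
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Excerpt of the follow-up log in this thread (2/17/2006 scan).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    for code, detail, reason in flag_entries(BEFORE_LOG):
        print(code, "|", reason)
    print("still present after fix:", still_present(BEFORE_LOG, AFTER_LOG))
```

A match means the entry needs a manual look, not that it is malicious; a resolver on a public address can be a legitimate ISP or administrator setting.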

#5
Sgt. Webster

    New Member

  • Topic Starter
  • Member
  • 5 posts
Sorry it took so long to post but here is the FixWareout log -

Fixwareout ver 1.003
Last edited 2/15/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSRKSE~1.REN
C:\WINDOWS\SYSTEM32\FAVSET~1.REN
C:\WINDOWS\SYSTEM32\FILESA~1.REN
C:\WINDOWS\SYSTEM32\PPPCGM~1.REN

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

*And here is the new HijackThis Log -

Logfile of HijackThis v1.99.1
Scan saved at 5:31:52 PM, on 2/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Computer FIX ER\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

*Thanks Again!! - :tazz:
  • 0

#6
therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Sari is away and can't reply.

Please download ewido anti-malware; it is a trial version of the program.
  • Install ewido anti-malware
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

Open Ewido again
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido anti-malware.

Reboot and post the report ewido made and a new HijackThis log here in a reply.
  • 0

#7
Sgt. Webster

    New Member

  • Topic Starter
  • Member
  • 5 posts
Here is the ewido log -

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:15:37 PM, 2/18/2006
+ Report-Checksum: AA47F798

+ Scan result:

:mozilla.719:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.727:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.728:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.747:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.773:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.774:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.775:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.776:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.777:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.778:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.779:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.780:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.781:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.782:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.783:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.784:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ymyarufu.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\WINDOWS\system32\csrks.exe.ren -> Downloader.Agent.uj : Cleaned with backup
C:\WINDOWS\system32\dmdoz.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\favset.exe.ren -> Trojan.Favadd.an : Cleaned with backup
C:\WINDOWS\system32\filesafer23.exe.ren -> Hijacker.Small : Cleaned with backup
C:\WINDOWS\system32\pppcgm.exe.ren -> Adware.Msnagent : Cleaned with backup


::Report End


Here is the new HijackThis log -

Logfile of HijackThis v1.99.1
Scan saved at 9:17:39 PM, on 2/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\Computer FIX ER\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Cheers!- :tazz:
  • 0

#8
therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
1. Open HijackThis and click scan. Then tick and fix the following in HijackThis with all windows closed except HijackThis.

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

2. Then post a new HijackThis log here in a reply.
  • 0

#9
Sgt. Webster

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here's the HijackThis log you requested -

Logfile of HijackThis v1.99.1
Scan saved at 2:50:58 PM, on 2/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Computer FIX ER\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0
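One way to confirm that the fix requested in post #8 took effect is to compare the entry lines of the log taken before it with the one taken after. The Python sketch below is an added example, not part of the original thread; the function names are hypothetical and the embedded logs are shortened excerpts of the two logs posted above.

```python
import re

# Shortened excerpts of the logs from 2/18/2006 (before) and 2/19/2006 (after).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:17:39 PM, on 2/18/2006

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:50:58 PM, on 2/19/2006

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
"""

# Entry lines start with a section code such as R1, O2 or O23 followed by " - ".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# HijackThis marks a target it could not find on disk with one of these suffixes.
UNRESOLVED_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Return the (section, body) pairs of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the first or only in the second log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [entry for entry in before if entry not in after]
    added = [entry for entry in after if entry not in before]
    return removed, added


def unresolved_targets(log_text):
    """Return entries whose target file was not found when the log was taken."""
    return [e for e in parse_entries(log_text) if UNRESOLVED_RE.search(e[1])]


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("added:  ", section, "-", body)
    for section, body in unresolved_targets(LOG_AFTER):
        print("target not on disk:", section, "-", body)
```

An empty "added" list matters as much as the expected "removed" entry: anything new between the two scans would need a second look before the log is called clean.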

#10
therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Your log is clean :tazz:

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies, etc.) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
  • 0

#11
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





