Suspecting a Keylogger.



Caldemar
2007-05-05, 01:56
Recently, while I was on AIM (this has also occurred on an online game), my account was logged in from another location. I suspect I have acquired a keylogger. I ran Norton and came up empty-handed. I've renamed HijackThis and here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:41:29 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Cobian Backup 7\CobBU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cobian Backup 7\cobui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Trevor\Desktop\hxc\hXcV2\hXc.exe
C:\Documents and Settings\Trevor\My Documents\Installs\Hijack This\elohel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NVidia System Utility] "C:\Program Files\NVIDIA Corporation\NVIDIA System Utility\\NVSystemUtility.exe" clear
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Cobian Backup 7] "C:\Program Files\Cobian Backup 7\CobBU.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Tray] C:\Program Files\Active Tray\atray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: rundl32 - rundl32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: gkdiroqcyele (aodxkihm5) - Unknown owner - C:\WINDOWS\system32\jbtarvcm5.exe (file missing)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Many thanks in advance.

pskelley
2007-05-05, 14:52
Welcome to the forum, looks like your Java scheduler: C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
is not working and Java needs an update. I personally update manually because of the buggy scheduler, but one way or another, Java must be kept up to date:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

I can't identify this item: C:\Documents and Settings\Trevor\Desktop\hxc\hXcV2\hXc.exe

This service is no doubt a trojan, but you can check it here before you remove it if you wish:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

O23 - Service: gkdiroqcyele (aodxkihm5) - Unknown owner - C:\WINDOWS\system32\jbtarvcm5.exe (file missing)
(ignore the file missing...that file is there)

Removal instructions:

Disable the Service
Click Start > Run and type services.msc
Scroll down to gkdiroqcyele and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

Delete the Service
Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
In the Delete window, type (aodxkihm5) and press OK.
OK any prompts, close HijackThis, and restart your computer.

Follow the instructions in this link to download, install, update and run AVG Anti-Spyware. Make sure you delete or quarantine anything it finds and save the scan report to post.

Restart the computer and post the Scan Report from AVG Anti-Spyware, the information I requested, and a new HJT log.

Thanks
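
Added example, not part of the original thread and not HijackThis's own code: a small triage script for the O23 (service) lines of a HijackThis log like the one above. It flags services with "Unknown owner" whose image sits directly in C:\WINDOWS\system32, and it marks "(file missing)" as contradicted when the same image appears under "Running processes" or the reported command line contains a stray quote. Both rules are assumptions made for this example; the sample lines are copied from the first log in this thread.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: gkdiroqcyele (aodxkihm5) - Unknown owner - C:\WINDOWS\system32\jbtarvcm5.exe (file missing)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O23 - Service: <display> (<short name>) - <owner> - <command line>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - (?P<cmd>[A-Za-z]:\\.+)$"
)
LABEL_RE = re.compile(r"^(?P<display>.*) \((?P<name>[^()]+)\)$")
MISSING = "(file missing)"
# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
SYSTEM_DIR = r"c:\windows\system32"


@dataclass
class Service:
    name: str                  # short service name (what "Delete an NT service" asks for)
    owner: str                 # company name HijackThis read from the file, or "Unknown owner"
    image: str                 # executable path with arguments stripped
    file_missing: bool         # HijackThis appended "(file missing)"
    marker_contradicted: bool  # the log itself gives a reason to distrust that marker
    suspicious: bool           # unknown owner + image directly in system32


def running_processes(log_text):
    """Lower-cased set of every bare path line (the 'Running processes' section)."""
    return {
        line.strip().lower()
        for line in log_text.splitlines()
        if re.match(r"^[A-Za-z]:\\", line.strip())
    }


def parse_service(line, running):
    m = O23_RE.match(line.strip())
    if not m:
        return None
    label = LABEL_RE.match(m["label"])
    name = label["name"] if label else m["label"]

    cmd = m["cmd"]
    file_missing = cmd.endswith(MISSING)
    if file_missing:
        cmd = cmd[: -len(MISSING)].rstrip()

    # Image path = everything up to the first ".exe"; the rest is arguments.
    exe = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    image = exe.group(1) if exe else cmd
    # A quote right after ".exe" with no opening quote means the command line
    # was split badly, so the existence check ran on a mangled string.
    stray_quote = bool(exe) and cmd[exe.end():].startswith('"')

    contradicted = file_missing and (stray_quote or image.lower() in running)
    suspicious = (
        m["owner"].lower() == "unknown owner"
        and ntpath.dirname(image).lower() == SYSTEM_DIR
    )
    return Service(name, m["owner"], image, file_missing, contradicted, suspicious)


def triage(log_text):
    """Parse every O23 line of a HijackThis log and return Service records."""
    running = running_processes(log_text)
    services = []
    for line in log_text.splitlines():
        svc = parse_service(line, running)
        if svc:
            services.append(svc)
    return services


if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        flags = []
        if s.suspicious:
            flags.append("REVIEW: unknown owner in system32")
        if s.marker_contradicted:
            flags.append("'(file missing)' contradicted by the log")
        elif s.file_missing:
            flags.append("'(file missing)' unverified")
        print(f"{s.name:12} {s.image}  {'; '.join(flags)}")
```

A flagged entry is a candidate for the online scanners linked above, not a verdict; "(file missing)" that the log cannot contradict still needs checking on disk.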

Caldemar
2007-05-05, 21:26
hXc I downloaded during a time in which I was working on hosting a private server for an online game. It did not come back infected, but it did strike me as dubious because I did not realize it was running. It has been disposed of.

Here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:21:04 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Cobian Backup 7\CobBU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Cobian Backup 7\cobui.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Trevor\My Documents\Installs\Hijack This\elohel.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NVidia System Utility] "C:\Program Files\NVIDIA Corporation\NVIDIA System Utility\\NVSystemUtility.exe" clear
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Cobian Backup 7] "C:\Program Files\Cobian Backup 7\CobBU.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Tray] C:\Program Files\Active Tray\atray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: rundl32 - rundl32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Caldemar
2007-05-05, 21:29
{Sorry for the quadruple post, log was too long.}

And here is the AVG AntiSpyware log:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:11:55 PM 5/5/2007

+ Scan result:



C:\WINDOWS\system32\ascbalo3N.dll -> Adware.Balloon : No action taken.
C:\WINDOWS\system32\ascbalon.dll -> Adware.Balloon : No action taken.
C:\Documents and Settings\Trevor\Desktop\! Modding Equipment !\Trainers\Trainer Making\Trainer Maker Kit\shared.dat -> Hijacker.Small : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.59:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.62:C:\Documents and Settings\Trevor_2\Application Data\Mozilla\Firefox\Profiles\k60v2yb3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.63:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.66:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.67:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.68:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.69:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.70:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.71:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.72:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.73:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.74:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.75:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.76:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.77:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.78:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.79:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.80:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.81:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.82:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.83:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.84:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.85:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@microsoftoffice.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@paypal.112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@tcompany.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor_2\Cookies\trevor_2@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Trevor_2\Cookies\trevor_2@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.118:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.121:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.715:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.716:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@www.adobe[2].txt -> TrackingCookie.Adobe : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@ad.adocean[2].txt -> TrackingCookie.Adocean : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@gde.adocean[2].txt -> TrackingCookie.Adocean : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@ad.adocean[2].txt -> TrackingCookie.Adocean : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@gde.adocean[2].txt -> TrackingCookie.Adocean : No action taken.
:mozilla.900:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adorigin : No action taken.
:mozilla.901:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adorigin : No action taken.
:mozilla.902:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adorigin : No action taken.
:mozilla.903:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adorigin : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@adorigin[2].txt -> TrackingCookie.Adorigin : No action taken.
:mozilla.600:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.601:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.602:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@z1.adserver[2].txt -> TrackingCookie.Adserver : No action taken.
:mozilla.252:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.253:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
:mozilla.18:C:\Documents and Settings\Trevor_2\Application Data\Mozilla\Firefox\Profiles\k60v2yb3.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.97:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.908:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.899:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.301:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@centrport[1].txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@centrport[1].txt -> TrackingCookie.Centrport : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@vip.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.572:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Cnn : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@ads.cnn[1].txt -> TrackingCookie.Cnn : No action taken.
:mozilla.335:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.336:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : No action taken.
:mozilla.691:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@connextra[2].txt -> TrackingCookie.Connextra : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.449:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Dealtime : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@stat.dealtime[1].txt -> TrackingCookie.Dealtime : No action taken.
:mozilla.435:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.461:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.576:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.603:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.695:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.734:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wfkiggajslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wfkyqkcjchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wfl4aldzmgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wgkisjdzogo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wgkiwmajofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wgkyehcjmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wgkykpdjklo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wgliuidpgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.

Caldemar
2007-05-05, 21:30
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6whkyegcpokq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wjk4onc5sao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wjkokpcpgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wjkosmajcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wjlikjd5mhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wjnyagajahp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@e-2dj6wjnyapd5gkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.526:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@estat[1].txt -> TrackingCookie.Estat : No action taken.
:mozilla.182:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.314:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@as-eu.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@as1.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.181:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.822:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Fortunecity : No action taken.
:mozilla.823:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Fortunecity : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@fortunecity[1].txt -> TrackingCookie.Fortunecity : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@fortunecity[2].txt -> TrackingCookie.Fortunecity : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@ads.gamershell[2].txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.598:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Gemius : No action taken.
:mozilla.599:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Gemius : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@hit.gemius[2].txt -> TrackingCookie.Gemius : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@hit.gemius[2].txt -> TrackingCookie.Gemius : No action taken.
:mozilla.453:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.454:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@c.goclick[1].txt -> TrackingCookie.Goclick : No action taken.
:mozilla.916:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@hotlog[2].txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@hypertracker[1].txt -> TrackingCookie.Hypertracker : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@searchportal.information[1].txt -> TrackingCookie.Information : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@searchportal.information[1].txt -> TrackingCookie.Information : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@ivwbox[2].txt -> TrackingCookie.Ivwbox : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@komtrack[2].txt -> TrackingCookie.Komtrack : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@sec1.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@stat.onestat[2].txt -> TrackingCookie.Onestat : No action taken.
:mozilla.659:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.660:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.661:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.95:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@banner.paypopup[1].txt -> TrackingCookie.Paypopup : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.399:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Pro-market : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@pro-market[1].txt -> TrackingCookie.Pro-market : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@qksrv[1].txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.60:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.61:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.62:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : No action taken.
:mozilla.527:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.528:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.529:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.530:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.531:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.532:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.533:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.534:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.893:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@network.realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@realmedia[2].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.890:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.891:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.892:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.291:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.292:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.293:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.294:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.295:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.296:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.297:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.298:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.299:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.489:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.490:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.491:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.492:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.493:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.494:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.765:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.466:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.391:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Skype : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@site.skype[1].txt -> TrackingCookie.Skype : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@skype[2].txt -> TrackingCookie.Skype : No action taken.
:mozilla.428:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.429:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.430:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.436:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@spylog[2].txt -> TrackingCookie.Spylog : No action taken.
:mozilla.272:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.284:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.285:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@h.starware[1].txt -> TrackingCookie.Starware : No action taken.

Caldemar
2007-05-05, 21:31
C:\Documents and Settings\Trevor\Cookies\trevor@try.starware[1].txt -> TrackingCookie.Starware : No action taken.
:mozilla.150:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.151:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.152:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.153:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.154:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.159:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.160:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.161:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.162:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.163:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.164:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.165:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.166:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.167:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.168:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.169:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.170:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.171:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.172:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.173:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.174:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.16:C:\Documents and Settings\Trevor_2\Application Data\Mozilla\Firefox\Profiles\k60v2yb3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.24:C:\Documents and Settings\Trevor_2\Application Data\Mozilla\Firefox\Profiles\k60v2yb3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.25:C:\Documents and Settings\Trevor_2\Application Data\Mozilla\Firefox\Profiles\k60v2yb3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.26:C:\Documents and Settings\Trevor_2\Application Data\Mozilla\Firefox\Profiles\k60v2yb3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.27:C:\Documents and Settings\Trevor_2\Application Data\Mozilla\Firefox\Profiles\k60v2yb3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.432:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.636:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.637:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Trevor_2\Cookies\trevor_2@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken.
:mozilla.627:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@trafic[1].txt -> TrackingCookie.Trafic : No action taken.
:mozilla.96:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.811:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.812:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.813:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.814:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.815:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@valuead[2].txt -> TrackingCookie.Valuead : No action taken.
:mozilla.762:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.323:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.324:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.325:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@webstat[1].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
:mozilla.64:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.65:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.67:C:\Documents and Settings\Trevor_2\Application Data\Mozilla\Firefox\Profiles\k60v2yb3.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Admin\Cookies\admin@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Trevor_2\Cookies\trevor_2@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.827:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
:mozilla.37:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.38:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.39:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.47:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.49:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.50:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.51:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.52:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.53:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.54:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.305:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.306:C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\utjx5mp8.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Trevor\Cookies\trevor@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@c5.zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Trevor\Local Settings\Temp\Cookies\trevor@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end



Again, many thanks for helping me out. I'm still slightly worried about the keylogger, as I am not an expert by any stretch of the imagination. If there is more I should or can do, please let me know. Cheers.



tashi- my apologies for putting my log in the [CODE] tag. I thought I was doing you a favor...

Caldemar
2007-05-05, 21:37
I'm cringing at putting this many posts in a row. Deepest apologies.

Please note: I saved the report before I took action. Everything on the list has been deleted, save the Adware Balloon thing, which I did not know had "Ignore" selected.

pskelley
2007-05-05, 21:39
Was just about to ask you about that, just make sure you delete everything and I do not need to see the scan report. Will post about the rest shortly.

You do know how to delete cookies, don't you?

pskelley
2007-05-05, 21:55
AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O20 - Winlogon Notify: rundl32 - rundl32.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

What are you running for a firewall? If you are using SP2 Firewall, I suggest you consider a free third party program that can help you track what is coming and going. The service you have running may have been your problem, it was a trojan but randomly named. If you need links to free firewalls, let me know.

How is the computer running? Let's Clean System Restore:

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Thanks
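The triage behind the O20 fix above, as an added example that is not part of pskelley's post and is not HijackThis's own code: it parses HijackThis entry lines and flags those whose target is "(file missing)" or whose file name is a near miss of a genuine Windows file name. The sample log is constructed (only the rundl32 line comes from this thread), and `KNOWN_NAMES` and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample in HijackThis line format; only the rundl32 line is from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O20 - Winlogon Notify: rundl32 - rundl32.dll (file missing)
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\example.dll
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Example\svc.exe (file missing)
"""

# Short illustrative list of genuine Windows file names (an assumption, not exhaustive).
KNOWN_NAMES = ["rundll32", "svchost", "winlogon", "explorer", "services", "lsass"]
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
STEM_RE = re.compile(r"([a-z0-9_]+)\.(?:dll|exe)\b")

def parse_entries(log_text):
    """Return one dict per HijackThis entry line (R*, F*, N*, O* codes)."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = m.group("body")
            entries.append({"code": m.group("code"), "body": body,
                            "file_missing": body.endswith("(file missing)")})
    return entries

def lookalike(body):
    """Return the known name that a .dll/.exe stem in body imitates, else None."""
    for stem in STEM_RE.findall(body.lower()):
        for known in KNOWN_NAMES:
            # An exact match is the genuine name; only near misses are suspicious.
            if stem != known and SequenceMatcher(None, stem, known).ratio() >= 0.9:
                return known
    return None

def triage(log_text):
    """Flag entries whose target file is missing or whose name is a near miss."""
    findings = []
    for e in parse_entries(log_text):
        reasons = ["target file missing"] if e["file_missing"] else []
        near = lookalike(e["body"])
        if near:
            reasons.append("name resembles " + near)
        if reasons:
            findings.append((e["code"], e["body"], reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, "|", body, "|", "; ".join(reasons))
```

A log that produces no findings only means the listed autostart entries look ordinary; it says nothing about malware that does not appear in the log.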

Caldemar
2007-05-06, 00:20
I'm behind a firewall router. I'm running Norton Internet Security 2007. I also have a hardware firewall on my motherboard that is disabled because it's what we thought was making my internet run slow (certain websites simply refuse to load on my PC but load fine on the computer upstairs in the 'office').

I also just now downloaded process explorer.

Also, another question- would Hijack This detect a running keylogger? I think it displays everything running, but I'm not sure.

pskelley
2007-05-06, 00:48
I have no firewall on my motherboard, but do run a router with a firewall and a software firewall (Zone Alarm) for the extra protection. HJT is close to a miracle but it is a small tool designed to show the areas hackers normally use. That, however, is changing in today's world of rootkits, backdoor trojans and other hidden malware. It is going to get worse. HJT is now just a jumping off point to show us basic stuff and rapidly that is no longer showing in the HJT log requiring scans to look for clues to the hidden malware. Here is a tutorial for HJT showing areas it helps in:
http://www.bleepingcomputer.com/tutorials/tutorial42.html

I ran the anti-Spyware scan looking for a Keylogger and it will normally show one if there. In my case, nothing can move through my firewall without me knowing it. You can try other scans, but I believe you are wasting your time.

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

pskelley
2007-05-14, 14:09
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks