View Full Version : cmdService - It won't leave me alone!
JustinSane07
2006-05-28, 08:11
I can't for the life of me get rid of this stupid thing.
Spybot Report:
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-05-26 Includes\Cookies.sbi (*)
2006-05-26 Includes\Dialer.sbi (*)
2006-05-26 Includes\Hijackers.sbi (*)
2006-05-26 Includes\Keyloggers.sbi (*)
2006-05-26 Includes\Malware.sbi (*)
2006-05-26 Includes\PUPS.sbi (*)
2006-05-26 Includes\Revision.sbi (*)
2006-05-26 Includes\Security.sbi (*)
2006-05-26 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-05-26 Includes\Trojans.sbi (*)
HiJackThis Report:
Logfile of HijackThis v1.99.1
Scan saved at 1:08:54 AM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\WinZip\WZ.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B5E0E9A4-E591-4B81-BA7B-C08CB2CBB8B0} - C:\Program Files\ComPlus Applications\hosecus.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Launch G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\G-series Software\LGDCore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\ADIDDC.DLL (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Hello.. :)
Lets get you up and running again.
==
Please download delcmdservice (http://users.telenet.be/marcvn/tools/delcmdservice.zip) (by Marckie), and save it to your Desktop.
Unzip the content to your Desktop (a folder named delcmdservice)
Double-click on the delcmdservice folder
Double-click on delreg.bat to launch the tool
When the tool has finished, please reboot your computer.
==
Next:
Please download Look2Me-Destroyer (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log. :bigthumb:
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
JustinSane07
2006-05-28, 18:02
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 5/28/2006 10:53:05 AM
Infected! C:\WINDOWS\system32\ADIDDC.DLL
Attempting to delete infected files...
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6D8D199D-A0F8-4C18-8100-C1D5FC6D3483}"
HKCR\Clsid\{6D8D199D-A0F8-4C18-8100-C1D5FC6D3483}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
Logfile of HijackThis v1.99.1
Scan saved at 10:59:13 AM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\LcdStudio\ks0108Native.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Launch G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\G-series Software\LGDCore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
That IPWins.exe file looks suspicious to me.
Lets continue :)
Go ahead and delete Look2Me-Destroyer aswell as delcmdservice.
==
It is. Through Add/Remove programs, uninstall the following entry if present:
IpWins
Don't get concerned if it is not listed. Now, delete the following folder:
C:\Program Files\ipwins
Empty recycle bin.
Run a scan with HijackThis and check the following object for removal if present:
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
Close ALL other open windows except for HijackThis and hit FIX CHECKED. Close HijackThis.
==
Finally:
Please go HERE (http://www.pandasoftware.com/products/activescan.htm) to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report. :bigthumb:
JustinSane07
2006-05-28, 21:43
Incident Status Location
Adware:Adware/NewAds Not disinfected C:\Program Files\Ventrilo\SwitchBindings.exe
Spyware:spyware/marketscore Not disinfected c:\windows\system32\rk.bin
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/dollarrevenue Not disinfected c:\windows\drsmartload45a.exe
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall7_22.exe
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/memorywatcher Not disinfected Windows Registry
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt[stat.onestat.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.overture.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.com.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.888.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.microsoftwga.112.2o7.net/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.www.myaffiliateprogram.com/]
JustinSane07
2006-05-28, 21:44
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[c.goclick.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[server.iad.liveperson.net/hc/71875316]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[server.iad.liveperson.net/hc/88270523]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-535573f9.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-535573f9.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-535573f9.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-535573f9.zip[Beyond.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@888[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adrevolver[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Cookies\mike@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mike\Cookies\mike@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mike\Cookies\mike@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Mike\Cookies\mike@banners.searchingbooth[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Cookies\mike@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Mike\Cookies\mike@bfast[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Mike\Cookies\mike@c.enhance[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Mike\Cookies\mike@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Cookies\mike@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Cookies\mike@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@fastclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Cookies\mike@go[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@hc2.humanclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mike\Cookies\mike@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Mike\Cookies\mike@i.screensavers[1].txt
JustinSane07
2006-05-28, 21:44
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Mike\Cookies\mike@kmpads[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Mike\Cookies\mike@linksynergy[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mike\Cookies\mike@maxserving[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mike\Cookies\mike@mediaplex[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@microsoftwga.112.2o7[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Cookies\mike@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Cookies\mike@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mike\Cookies\mike@revenue[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Cookies\mike@server.iad.liveperson[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mike\Cookies\mike@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mike\Cookies\mike@statse.webtrendslive[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Cookies\mike@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mike\Cookies\mike@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Mike\Cookies\mike@www.myaffiliateprogram[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Cookies\mike@zedo[2].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\!update.exe
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\f2271484.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\i1F.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\i65.tmp
Virus:Trj/Downloader.AYV Disinfected C:\Documents and Settings\Mike\Local Settings\Temp\pre.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\sdexe.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\uninstaller.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\InetGet2\emg2.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\InetGet2\webhost2.exe
Adware:Adware/NewAds Not disinfected C:\Program Files\Windows\WinUpdate.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\rlls.dll
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\rlvknlg.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL03.exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[VSL.dl_]
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\ZICORN003.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\WINDOWS\visfx500.exe
JustinSane07
2006-05-28, 22:12
Okay, I just ran my copy of Norton Corporate 8.1.1 and it picked up on 5 viruses that I had permanantly deleted.
Ok then, lets continue :)
==
Please print these instructions out, or write them down, as you can't read them during the fix.
1. Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/ (http://www.ewido.net/en/download/)
Please read Ewido Setup Instructions (http://rstones12.geekstogo.com/ewidosetup.htm)
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
==
2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right-click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C: ) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
==
4. Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only.
Do not do anything with these yet!
==
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
==
5. Run ATF-Cleaner:
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
==
6. Run Ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido anti-malware.
==
7. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the Complete script execution box to pop up and hit OK.
Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of Ewido log that you saved along with a fresh HiJackThis log. :bigthumb:
JustinSane07
2006-05-30, 03:33
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:04:44 PM, 5/29/2006
+ Report-Checksum: E570AD5B
+ Scan result:
:mozilla.6:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
JustinSane07
2006-05-30, 03:33
:mozilla.218:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.400:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.417:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.458:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.466:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.467:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.468:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
JustinSane07
2006-05-30, 03:34
:mozilla.477:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.509:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.510:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.642:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.644:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.699:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.700:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.701:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.702:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.703:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.704:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.705:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.709:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.710:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.712:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.713:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.714:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.715:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.717:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.718:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.719:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.721:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.722:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.725:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.727:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.728:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.729:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.730:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.731:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.732:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.733:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.734:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.738:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.739:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.740:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.741:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.742:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.743:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.744:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.745:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.746:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.751:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.752:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.753:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.773:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.807:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.815:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.822:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.824:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.825:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.826:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.828:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.829:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.830:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.831:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.832:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.833:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.859:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.860:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.874:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.877:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.878:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.883:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.884:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.885:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.886:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.887:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.893:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.894:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.895:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.896:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.897:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
JustinSane07
2006-05-30, 03:34
:mozilla.900:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Adtrak : Cleaned with backup
:mozilla.931:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.932:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.933:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ehg-411web.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ehg-aviatechllc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ehg-kurani.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ehg-minglematch.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ehg-theviptour.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@heritagegalleries.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@install.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@wholesalemarketer.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Mike\Local Settings\Temp\sdexe.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\Program Files\D-Tools\pfctoc.exe -> Adware.Agent : Cleaned with backup
C:\WINDOWS\drsmartload45a.exe -> Downloader.Adload.bq : Cleaned with backup
C:\WINDOWS\drsmartload46a.exe -> Downloader.Adload.bq : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\sys11-2069029828.exe -> Adware.Enbrow : Cleaned with backup
C:\WINDOWS\system32\rk.bin -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\ZICORN003.exe -> Adware.ZenoSearch : Cleaned with backup
::Report End
JustinSane07
2006-05-30, 03:35
Logfile of HijackThis v1.99.1
Scan saved at 8:29:51 PM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Launch G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\G-series Software\LGDCore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
Updating Java and Clearing Cache
Go to Start > Control Panel double-click on the Software icon > Add/Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
It should have next icon next to it: http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and click Remove.
Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
If you are unable to update you can manually update by going here:
http://java.sun.com/j2se/1.5.0/download.jsp (http://java.sun.com/j2se/1.5.0/download.jsp)
After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
Downloaded Applets
Downloaded Applications
Other Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.
==
Hows the system running now? :bigthumb:
JustinSane07
2006-05-30, 15:02
I haven't done the Java thing yet, but when I woke up, my Norton had this alert up.
Event: Virus Found!
Virus name: Trojan Horse
File: C:\System Volume Information\_restore{611E8151-8DAA-4445-B62D-7EBA23872AD8}\RP257\A0024483.exe
Location: Quarantine
That's nothing to worry about. Just let me know when you have updated Java and if you have any other symptoms. It should go with cleaning up system restore :)
JustinSane07
2006-05-30, 15:24
Well I ran the Java thing, and I haven't had any problems so far except for one lingering one that won't go away.
http://img.photobucket.com/albums/v449/justinsane07/problem.jpg
The backgrounds for the icons aren't transparent anymore and it's not the Performance setting. All of those options are checked off.
Also, this is my HiJackThis log after the Java clean up.
Logfile of HijackThis v1.99.1
Scan saved at 8:15:50 AM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Launch G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\G-series Software\LGDCore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
Not too sure on that one. Here's one suggestion tho, download RegSeeker here: http://www.snapfiles.com/get/regseeker.html
Unzip it to your desktop, launch the tool, go to the "Tweaks" tab. Click Rebuild Icon Cache and OK. Any better?
Also, looks like you didn't update your Java. Uninstall your current one, then visit the link I gave you and install the latest Java.
Let me know how this goes :)
JustinSane07
2006-05-30, 16:01
I've got the latest. Version 5, Update 6. There was nothing to update.
JustinSane07
2006-05-30, 16:06
RegSeeker did nothing for me. It just moved all the icons.
JustinSane07
2006-05-30, 16:10
I'm also still getting a pop up dialog box for some poker thing.
I wish these forums had an edit function!
Well, actually not, the latest Java update is Update 7, as you can see from the link I gave ya, in the Java update speech. http://java.sun.com/j2se/1.5.0/download.jsp
Ok. Lets see if there's something HijackThis isn't showing us..
Please download WinPFind (http://www.bleepingcomputer.com/files/winpfind.php):
Right-click the Zip Folder and Select "Extract All"
Extract it somewhere you will remember like the Desktop
Dont do anything with it yet.
==
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
==
Double-click WinPFind.exe
Click "Start Scan"
It will scan the entire System, so please be patient!
Once the Scan is Complete:
Go to the WinPFind folder
Locate WinPFind.txt
Place those results in the next post.
==
Reboot normally and post back with the contents of WinPFind.txt log.
JustinSane07
2006-05-31, 03:06
Man, whatever it is on my PC, it's annoying. It randomly plays audio files that have no taskbar indication or task manager process.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
PEC2 5/20/2006 8:11:38 PM 258844245 C:\Vampire RPG Core books.zip
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 8/22/2004 5:04:56 PM 69120 C:\WINDOWS\daemon.dll
Checking %System% folder...
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 5/26/2005 4:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 7/22/2005 8:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
PEC2 8/4/2004 8:56:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 4/19/2006 4:09:20 PM 619156 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 4/19/2006 4:09:20 PM 619156 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 4/10/2006 1:00:34 PM 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 5/4/2006 12:26:22 AM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/4/2006 12:26:22 AM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 8:56:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 8:56:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 8:56:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
5/30/2006 7:35:46 PM S 2048 C:\WINDOWS\bootstat.dat
5/29/2006 9:48:20 PM H 54156 C:\WINDOWS\QTFont.qfn
4/9/2006 5:32:22 PM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
4/9/2006 5:32:22 PM RH 0 C:\WINDOWS\assembly\pubpol1.dat
5/26/2006 9:12:08 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index38.dat
5/17/2006 12:50:50 AM S 95392 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem12.CAT
5/4/2006 11:24:16 PM S 8840 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem13.CAT
4/10/2006 1:01:22 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
5/30/2006 7:35:40 PM H 8192 C:\WINDOWS\system32\config\default.LOG
5/30/2006 7:35:58 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
5/30/2006 7:35:48 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
5/30/2006 7:36:16 PM H 98304 C:\WINDOWS\system32\config\software.LOG
5/30/2006 7:36:02 PM H 1155072 C:\WINDOWS\system32\config\system.LOG
5/11/2006 8:24:00 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
4/15/2006 7:41:36 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\9e59221e-4c09-489b-8c89-b1c00bc92c7b
4/15/2006 7:41:36 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
5/30/2006 7:34:44 PM H 6 C:\WINDOWS\Tasks\SA.DAT
JustinSane07
2006-05-31, 03:07
Checking for CPL files...
Microsoft Corporation 8/4/2004 8:56:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Silicon Image 12/4/2001 6:59:06 PM 77824 C:\WINDOWS\SYSTEM32\SilSupp.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 8:56:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
10/11/2005 11:52:10 PM 1930 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
5/3/2006 1:58:20 PM 1769 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
10/11/2005 6:35:58 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/11/2005 2:26:58 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
5/26/2006 8:38:00 PM 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
10/11/2005 6:35:58 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
10/11/2005 2:26:58 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini
JustinSane07
2006-05-31, 03:08
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
sv1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
JustinSane07
2006-05-31, 03:08
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ABIT uGuru
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item uGuru
hkey HKLM
command C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item uGuru
hkey HKLM
command C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GuruClock
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GuruClock
hkey HKLM
command C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GuruClock
hkey HKLM
command C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Hardware Abstraction Layer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item KHALMNPR
hkey HKLM
command KHALMNPR.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item KHALMNPR
hkey HKLM
command KHALMNPR.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REWARDS NETWORK
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item brntray
hkey HKLM
command C:\Program Files\Rewards Network\brntray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item brntray
hkey HKLM
command C:\Program Files\Rewards Network\brntray.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\URLy Warning
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item URLyWarning
hkey HKCU
command "C:\Program Files\URLy Warning\URLyWarning.exe" -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item URLyWarning
hkey HKCU
command "C:\Program Files\URLy Warning\URLyWarning.exe" -quiet
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zBrowser Launcher
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTouch
hkey HKLM
command C:\Program Files\Logitech\iTouch\iTouch.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTouch
hkey HKLM
command C:\Program Files\Logitech\iTouch\iTouch.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe
Shell = explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\system32\NavLogon.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 5/30/2006 7:46:12 PM
That didn't help much either..
Your logs are actually coming out clean. I think you'll need an Anti-virus program and Firewall right now, we'll see if that helps.
Is your Norton subscription still up and running? Is the software updated? Does it include firewall?
If there's no firewall, please pick one of these:
ZoneAlarm (http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads)
Sygate Personal (http://soho.sygate.com/products/spf_standard.htm)
OutPost Personal Firewall (http://www.agnitum.com/download/outpost1.html)
Also, IF you're Anti-virus is out of date/your subscription is out of date, please get this free A/V software:
AVG (http://www.grisoft.com/us/us_dwnl_free.php).
Download & install it, configure it how you wish, update it. Next, run a scan with it (set it to scan everything it can). Remove/quarantine found items. Reboot (if there was any findings).
I want to see the following list:
Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on the Box that says "Uninstall Manager"
Click on the button "Save list"
Copy and paste the List from the notebook onto your post. :)
JustinSane07
2006-05-31, 23:55
I have Norton Corporate. The subscription is unlimited.ABC (remove only)
ABIT uGuru
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop CS
Adobe Premiere Pro 1.5
Adobe Reader 7.0.7
Age of Empires III
Alcohol 120%
AOL Instant Messenger
Ares 1.8.6
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BitPim 0.8.14
Creative Audio Console
Creative System Information
DAEMON Tools
DataPilot USB Driver Pack
DeadAIM
DivX
DivX Converter
DivX Web Player
Fraps (remove only)
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 7
LcdStudio 2.0 build 612
LG ODD Auto Firmware Update
LG USB Modem driver
LGUsbDriver
LiveUpdate 1.80 (Symantec Corporation)
Logitech G-series Keyboard Software
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
mIRC
Mozilla Firefox (1.5.0.3)
MSN Messenger 7.5
MSXML 4.0
MSXML 4.0
Need for Speed™ Most Wanted
Nero OEM
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy 1.4
Star Wars Empire at War
Steam(TM)
Symantec AntiVirus Client
TeamSpeak 2 RC2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Ventrilo Client
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
World of Warcraft
WoW Screen
There's no bad programs and stuff seems to be up-to-date. If you don't have a firewall on Norton Corporate (I don't know if it has) -- please install and set up one from my earlier post. Let me know if it helps on your issues.
Also, lets check if there's something hidden:
Please download and save Blacklight (http://www.f-secure.com/blacklight/try.shtml) to your desktop:
Double-click blbeta.exe.
Accept the agreement.
Click Scan.
Click Next.
You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there.
JustinSane07
2006-06-01, 17:08
06/01/06 10:02:49 [Info]: BlackLight Engine 1.0.37 initialized
06/01/06 10:02:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/01/06 10:02:49 [Note]: 7019 4
06/01/06 10:02:49 [Note]: 7005 0
06/01/06 10:02:51 [Note]: 7006 0
06/01/06 10:02:51 [Note]: 7011 1688
06/01/06 10:02:51 [Note]: 7026 0
06/01/06 10:02:52 [Note]: 7026 0
06/01/06 10:02:59 [Note]: FSRAW library version 1.7.1015
I'm getting pretty confident that there is no malware on your system. Can you post another HijackThis log for checking please. Also, did that firewall help any of your issues? Can you also list all your current problems :)
JustinSane07
2006-06-02, 02:48
Logfile of HijackThis v1.99.1
Scan saved at 7:47:08 PM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Mike\Desktop\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Launch G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\G-series Software\LGDCore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
I haven't tried using a firewall, but I can't figure out how that would help me if I did.
My current problems are a poker pop up that causes explorer.exe to restart after I close it, random audio advertisements that play, and it seems to have hijacked some of my desktop (as I noted in the picture I posted earlier).
Only thing I could think of on your logs, would be interesting to know what this is:
C:\Program Files\URLy Warning\URLyWarning.exe
I can't find any good info on the .exe file and the program itself is pretty suspicious. Anything you installed yourself?
JustinSane07
2006-06-02, 15:04
Yeah, URLYWarning is a program that alerts you when a website updates. I was using it back in November for XBox 360 sales.
But I think I might have found the culprit. The Dr. Watson debugger. I _never_ installed it. And when I end the process, it comes right back.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/drwatson_setup.mspx?mfr=true
I'd suggest uninstalling this URLyWarning. I don't know it, and it could be adware based program.
To check, please surf here: www.virustotal.com
Paste this in the box next to the "Browse" button: C:\Program Files\URLy Warning\URLyWarning.exe
Hit Send and let me know what comes up. As for the Dr. Watson Debugger.. I know there's been problems with it. But if your only problems at the moment are popups, then it's not Dr. Watson. :)
JustinSane07
2006-06-03, 16:15
Well I uninstalled the URLY Warning program a long time ago. I highly doubt it'd be causing problems now.
And could Dr. Watson be behind why my desktop is getting hijacked?
No, it couldn't.
Please just install that firewall. Even if it doesn't help you with this particular problem, your system will be safer after setting one up.
How is your desktop getting hijacked? Can you post a screenshot? Only problem on your desktop earlier was the small icon problem.
I know this is getting frustrating for both of us. I simply can't see anything malware based on your logs that would hijack your desktop or would give you any kind of popups.
JustinSane07
2006-06-04, 02:05
Well there's the icon problem, and sometimes I can't move icons around. It also frequently locks up. It almost sounds like a virus is infecting explorer.exe.
Also, the poker pop up I'm getting, when I close it with the X button, explorer.exe crashes and restarts.
Got some help from the other Staff members..
Change the theme, then go to the apperance tab under
"windows and buttons" and change it, hit apply, then change back to xp style.
Then lets look at a startuplist log... Please reboot into Safe Mode and create the following:
Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Check the 2 boxes next to the Box that says "Generate StartupList log"
Click on the button "Generate StartupList log"
Copy and paste the StartupList from the notebook onto your post.
JustinSane07
2006-06-06, 17:02
I haven't gotten a chance to try doing the HiJackThis in safe mode yet, but check this out. It started this morning.
http://img.photobucket.com/albums/v449/justinsane07/problem2.jpg
To me, at this point, it looks like something has hijacked or infected explorer.exe.
JustinSane07
2006-06-06, 17:08
Okay, I just had one of those advertisements give me a 404 Error. So I propertied it to trace the path, and this the path I got
res://C:\WINDOWS\system32\shdoclc.dll/http_404.htm#http://ads1.revenue.net/l?site_id=14657&pplacement_id=1
Please post that startuplist from Safe Mode.. :)
LonnyRJones
2006-06-11, 10:26
JustinSane07 whats Up ?
Five pages. :scratch:
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.
Applies only to the original topic starter.