
Need help


  • This topic is locked
13 replies to this topic

#1 Clown_Juic3

Clown_Juic3

    New Member

  • Authentic Member
  • 8 posts

Posted 05 February 2006 - 06:39 PM

I had posted here once before for my friend and his computer. He had decided to reformat, so I never made a HijackThis log, so I need another link as to what to do for my computer, because my sister downloaded FishTycoonSetup-dm. It can't be deleted, and if I google it, it's a game for cell phones. It's really weird because no new processes are running and I'm unsure what to do. Please help. I'll repost after I download HijackThis and run those programs. Please and thank you.



#2 Clown_Juic3

Clown_Juic3

    New Member

  • Authentic Member
  • 8 posts

Posted 05 February 2006 - 07:08 PM

OK, I was looking at other posts and I ran all the spyware programs, started all my programs in msconfig, restarted, and here's my log:



Logfile of HijackThis v1.99.1
Scan saved at 8:06:56 PM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cory\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = filter.cleanweb.net:8080
F3 - REG:win.ini: load=??? ?
F3 - REG:win.ini: run=??? ?
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Cory"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LBConfig] C:\DOCUME~1\Cory\LOCALS~1\Temp\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\LBConfig\Setup.exe /Config -s
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: PCPitstop-Tracks-Checker -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2) -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

#3 Clown_Juic3

Clown_Juic3

    New Member

  • Authentic Member
  • 8 posts

Posted 05 February 2006 - 07:14 PM

Also, I'm sorry, but my computer's CD disk drive stopped reading disks and also can't burn them. It's weird; it has been happening for a while. I'm not sure if you help with that; if not, that's fine.

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 11 February 2006 - 10:49 AM

Open Spybot Mode | Advanced
Tools | Resident and untick the box for TeaTimer to disable it.
Exit Spybot.
In the Windows system tray, if the TeaTimer icon is still present, right click it and exit the TeaTimer.
Please leave it disabled until we are finished fixing your machine, at which time you may restart TeaTimer.

Disable SpywareGuard, it may hinder the fix.

Right-click the running icon of SpywareGuard; it will open the program.
Then go to Menu, File, Exit.
Then confirm the program is closed.
Reverse the process when you’ve carried out the advice.

Download System Security Suite v1.04 here
Tutorial here.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Reboot in safe mode. Close all Browser and Program Windows.
Have HijackThis fix the following. Do this by checking the box beside each and then clicking on Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
F3 - REG:win.ini: load=???
?#
F3 - REG:win.ini: run=???
?#
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O16 - DPF: PCPitstop-Tracks-Checker -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2) -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) -



You may need to set your computer to show hidden files. Click here for Instructions.
Then click Start > My Computer > Local Disk (then follow the path), or, using Windows Explorer, locate the following files/folders and delete them:
Delete the folder(s) listed

C:\Program Files\Acceleration Software
C:\Program Files\Viewpoint


Reboot, then run 3S. Under the “Items To Clear” tab, place a checkmark in all of them but user defined folders.
Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.

#5 Clown_Juic3

Clown_Juic3

    New Member

  • Authentic Member
  • 8 posts

Posted 12 February 2006 - 10:42 PM

Thank you for your speedy response. I couldn't find the folders you asked me to delete; also, I have hidden files always shown.

C:\Program Files\Acceleration Software
C:\Program Files\Viewpoint

those folders

Anyway, my new log is right here:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:37 PM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\program files\steam\steam.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cory\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = filter.cleanweb.net:8080
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Cory"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LBConfig] C:\DOCUME~1\Cory\LOCALS~1\Temp\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\LBConfig\Setup.exe /Config -s
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: PCPitstop-Tracks-Checker -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

BTW, in my background processes a rundll32 shows up as running from my name, not system, and I don't think it's supposed to. Any ideas on the log or whatever, let me know, thanks. Also, the computer starts up a lot faster after the first log fix. Also, my AOL Instant Messenger likes to randomly close itself while signing me off, but at my buddy's house it does not do that. I have reinstalled other version, BTW.

Edited by Clown_Juic3, 12 February 2006 - 10:43 PM.
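
An added example, not part of the original thread and not HijackThis code: a small Python parser for the v1.99.1 log format posted above that flags entries worth a second look and checks which entries from a fix list still appear in a follow-up scan. The heuristics, the function names and the CLSID-based matching are assumptions of this example; the sample lines are excerpted from the fix list and the second log in this thread.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path". The header and the
# running-process list do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Review heuristics for this example only (assumptions, not HijackThis logic).
# A match means "look at this entry", not "this entry is malicious".
HEURISTICS = [
    ("target file absent",
     lambda code, body: body.endswith(("(no file)", "(file missing)"))),
    ("autostart from a Temp directory",
     lambda code, body: code == "O4"
     and re.search(r"\\temp\\", body, re.I) is not None),
    ("Internet Explorer proxy configured",
     lambda code, body: code in ("R0", "R1") and ",ProxyServer = " in body),
    ("service with no company name",
     lambda code, body: code == "O23" and " - Unknown owner - " in body),
    ("ActiveX download entry with no source URL",
     lambda code, body: code == "O16" and body.endswith("-")),
]

# Excerpt of the fix list from post #4 of this thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
"""

# Excerpt of the follow-up log from post #5 of this thread.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\RunDll32.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = filter.cleanweb.net:8080
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [LBConfig] C:\DOCUME~1\Cory\LOCALS~1\Temp\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\LBConfig\Setup.exe /Config -s
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Return [(code, body), ...] for every entry line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(log_text):
    """Return [(code, body, [reasons]), ...] for entries matching a heuristic."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = [label for label, test in HEURISTICS if test(code, body)]
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def _key(code, body):
    # Entries that carry a CLSID are matched on it, because the display name
    # can vanish between scans (the O16 line above loses "(PCPitstop Utility)").
    # Everything else is matched on the case-folded, whitespace-collapsed body.
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).lower())
    return (code, " ".join(body.lower().split()))


def still_present(fix_list_text, followup_log_text):
    """Return the fix-list entries that still appear in a follow-up log."""
    after = {_key(c, b) for c, b in parse_entries(followup_log_text)}
    return [(c, b) for c, b in parse_entries(fix_list_text)
            if _key(c, b) in after]


if __name__ == "__main__":
    print("Fix-list entries still present after the fix:")
    for code, body in still_present(FIX_LIST, FOLLOWUP_LOG):
        print(f"  {code} - {body}")
    print("Entries flagged for review in the follow-up log:")
    for code, body, reasons in triage(FOLLOWUP_LOG):
        print(f"  {code} - {body}\n      -> {', '.join(reasons)}")
```
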


#6 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 12 February 2006 - 10:52 PM

Download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido; there should be an icon on your desktop. Double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here.

#7 Clown_Juic3

Clown_Juic3

    New Member

  • Authentic Member
  • 8 posts

Posted 13 February 2006 - 12:54 AM

I imagine you wanted the ewido log? If not, just repost with HJT log or something; I'll get right on it.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:52:51 AM, 2/13/2006
+ Report-Checksum: 3DE63B26

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.349:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.350:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.351:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.352:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.353:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.354:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.355:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.356:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.357:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.358:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.359:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.360:C:\Documents and Settings\Cory\Application 
Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.361:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.362:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.363:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.364:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.365:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.366:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.367:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.368:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.369:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.386:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.387:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.388:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> 
TrackingCookie.2o7 : Cleaned with backup :mozilla.389:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.390:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.391:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.392:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.393:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.394:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.395:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.396:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.397:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.398:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.399:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.400:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.401:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt 
-> TrackingCookie.2o7 : Cleaned with backup :mozilla.402:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.403:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.404:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.405:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.406:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.407:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.408:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.409:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.410:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.411:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.412:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.413:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.414:C:\Documents and Settings\Cory\Application 
Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.415:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.416:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.417:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.418:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.419:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.420:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.421:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.422:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.423:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.424:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.425:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.426:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.427:C:\Documents and 
Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.428:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.429:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.430:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.431:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.432:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.433:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.434:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.435:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.439:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup :mozilla.440:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup :mozilla.441:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup :mozilla.442:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup 
:mozilla.443:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup :mozilla.444:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup :mozilla.464:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.465:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.466:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.467:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.468:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.469:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.470:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.471:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.472:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.473:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.475:C:\Documents and Settings\Cory\Application 
Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.477:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.478:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.479:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.480:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.481:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.482:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.483:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.558:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.559:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.560:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.561:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.563:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Mediaplex : 
Cleaned with backup :mozilla.564:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.565:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.566:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.567:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.568:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.569:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.570:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.572:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.573:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.581:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.582:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.583:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.584:C:\Documents and Settings\Cory\Application 
Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.585:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.598:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.599:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.600:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.601:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.605:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.607:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.608:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.609:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.618:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup :mozilla.619:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup :mozilla.620:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> 
TrackingCookie.Paypopup : Cleaned with backup :mozilla.625:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup :mozilla.626:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup :mozilla.657:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.658:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.659:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.660:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.661:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.662:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.673:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup :mozilla.683:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.693:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup :mozilla.694:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.721:C:\Documents and Settings\Cory\Application 
Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup :mozilla.726:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.727:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.730:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup :mozilla.779:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.785:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.787:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.788:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.789:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.790:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.791:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.792:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.794:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> 
TrackingCookie.Goclick : Cleaned with backup :mozilla.795:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup :mozilla.797:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup :mozilla.806:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.807:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.815:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.816:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.818:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.819:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.820:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.824:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup :mozilla.831:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.838:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.839:C:\Documents and 
Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.840:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.844:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.845:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.846:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.847:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.848:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.849:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.850:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.851:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.852:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.853:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.854:C:\Documents and Settings\Cory\Application 
Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.885:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup :mozilla.886:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.887:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.890:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.891:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.892:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.896:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.897:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.898:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.909:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.913:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.928:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hitbox : 
Cleaned with backup :mozilla.929:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.942:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.950:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.954:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.959:C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\default.e7p\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup C:\Documents and Settings\Cory\Desktop\FishTycoonSetup-dm.exe -> Adware.Trymedia : Cleaned with backup :mozilla.10:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9yx2juhv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.11:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9yx2juhv.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup ::Report End

#8 little eagle

Posted 13 February 2006 - 08:01 AM

Can you post another HijackThis log?

#9 Clown_Juic3

Posted 13 February 2006 - 11:01 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:00:29 PM, on 2/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\program files\steam\steam.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cory\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = filter.cleanweb.net:8080
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Cory"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LBConfig] C:\DOCUME~1\Cory\LOCALS~1\Temp\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\LBConfig\Setup.exe /Config -s
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: PCPitstop-Tracks-Checker -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

#10 little eagle

Posted 13 February 2006 - 11:46 AM

Close all programs, leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O16 - DPF: PCPitstop-Tracks-Checker -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} -


Click on Fix Checked when finished and exit HijackThis.
Post back a fresh HijackThis log and we will take another look.
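
The entries ticked in the post above are the O2 lines ending in "(no file)" and the O16 lines with nothing after the final dash. As an added example (not part of the original posts), this Python code picks out those two shapes and compares a log taken before Fix Checked with one taken after it; the function names are assumptions, and the sample text is a shortened excerpt of the logs posted in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def has_no_backing_file(code, body):
    """True for the two entry shapes ticked in the post above."""
    if code == "O2":
        # O2 - BHO: <name> - {CLSID} - <dll path>, or "(no file)" when missing
        return body.endswith("(no file)")
    if code == "O16":
        # O16 - DPF: <CLSID or name> - <download source>, empty in this thread
        return body.startswith("DPF:") and body.endswith(" -")
    return False


def review_fix(before_log, after_log):
    """Compare the log taken before 'Fix Checked' with the one taken after."""
    before = parse_entries(before_log)
    after = set(parse_entries(after_log))
    flagged = [e for e in before if has_no_backing_file(*e)]
    return {
        "flagged": flagged,
        # flagged entries that survived the fix
        "still_present": [e for e in flagged if e in after],
        # entries that vanished although nobody asked for their removal
        "unexpected_removals": [
            e for e in before if e not in after and e not in flagged
        ],
    }


# Shortened excerpts of the two logs in this thread (entry lines unchanged).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O16 - DPF: PCPitstop-Tracks-Checker -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    result = review_fix(BEFORE, AFTER)
    for name, entries in result.items():
        print(f"{name}: {len(entries)}")
        for code, body in entries:
            print(f"  {code} - {body}")
```

An empty `still_present` list means every ticked entry is gone from the follow-up log, and an empty `unexpected_removals` list means nothing else disappeared along with them.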

#11 Clown_Juic3

Posted 13 February 2006 - 02:12 PM

newest log
Logfile of HijackThis v1.99.1
Scan saved at 3:11:23 PM, on 2/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Cory\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = filter.cleanweb.net:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Cory"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LBConfig] C:\DOCUME~1\Cory\LOCALS~1\Temp\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\LBConfig\Setup.exe /Config -s
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

#12 little eagle

Posted 13 February 2006 - 02:21 PM

Log looks clean :thumbup:
How is it running?

To help keep your PC clean follow the recommendations in Tony Klein's article
So how did I get infected in the first place?

One of the best features of Windows XP is the System Restore option,
however if a virus infects a computer with this operating system the virus can be backed up
in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal.

To reset your restore points, please note that you will need to log into your computer with an account
which has full administrator access. You will know if the account has administrator access because
you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

#13 Clown_Juic3

Posted 14 February 2006 - 12:11 AM

thanks a bunch, computer's running better than ever, besides when i first got it and it had never been hooked up to the internet lol, but thanks a bunch and great article

#14 little eagle

Posted 14 February 2006 - 06:56 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
