Quake variant & browser hijack
japangreg
(cross posted from 'Post your support issues here' in general support - not sure if this is a more appropriate place; mods, delete thread if necessary. Thanks!)

I seem to have picked up a nasty infection - got a Quake variant which I think I've got under control, but now have a browser hijacker that refuses to go away.

I've run just about everything I can find to kill this thing (SmitFraudFix, MS Defender, HiJack This, Spy Bot S&D as well as Ad-Aware) but it (ixt0.dll, specifically) just keeps coming back. I should note that both Spy Bot and Ad Aware freeze when I attempt to run a scan; I've read the troubleshooting tips that say to stop the process before it hits the freeze point and repeat as necessary, but I can't even get the stop button to respond.

Below is the Hijack this log, in case anyone can tell me how to proceed by looking at it.

Thanks in advance for any attention/help!

Logfile of HijackThis v1.99.1
Scan saved at 5:30:31 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117493825\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://apps.universalservice.org/include/wficat.cab
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (EOLUP.Version) - https://apps.universalservice.org/include/eolupcli.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
jurgenv
* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.
  1. Go to Start > Control Panel, then double-click on the Java icon (coffee cup) in the Control Panel.
  2. It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  3. If you are unable to update you can manually update by going here:
    http://www.java.com/en/download/manual.jsp
* Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

* First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

* Next, run Ad-aware and perform a full scan. Remove everything found.
  1. Launch ewido anti-spyware by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. ewido will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.


* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

* Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Let us know if any problems persist.
japangreg
Hey Jurgenv. Thank you very much for the help!

The hijack seems to be fixed; requested logs follow, please let me know if you see anything else that should be taken care of.

Logs are long, all 3 will put me over the forum post limit. One log per each following reply.

Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 8:26:31 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1117493825\ee\AOLHostManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1117493825\ee\AOLServiceHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\yz_dck0083\YzDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117493825\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - Startup: Shortcut to YzDock.exe.lnk = C:\Program Files\yz_dck0083\YzDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://apps.universalservice.org/include/wficat.cab
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (EOLUP.Version) - https://apps.universalservice.org/include/eolupcli.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
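
Added example, not part of any post in this thread: a small Python script that parses two HijackThis logs and reports which registry-backed items disappeared or appeared between them, which is the check a helper performs by eye when comparing the 6/26 and 6/27 logs above. The sample text is a short excerpt of lines from those two logs; the function names (`parse_log`, `diff_logs`, `parse_bho`) are hypothetical and belong to this example only.

```python
import re

# HijackThis item lines start with a section code such as R1, O2, O4, O16, O23,
# followed by " - " and the item text. Process paths ("C:\...") do not match.
ITEM_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.+)$")

# O2 items have the shape: BHO: <name> - {CLSID} - <path to DLL>
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_log(text):
    """Return the item lines of a HijackThis log as (section, rest) tuples."""
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("rest").strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) item lists, keeping each log's original order.

    Comparison is case-insensitive because Windows paths and CLSIDs are.
    """
    before = parse_log(before_text)
    after = parse_log(after_text)

    def key(entry):
        return (entry[0], entry[1].casefold())

    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    removed = [e for e in before if key(e) not in after_keys]
    added = [e for e in after if key(e) not in before_keys]
    return removed, added


def parse_bho(rest):
    """Split the text of an O2 item into name, CLSID and DLL path, or None."""
    m = BHO_RE.match(rest)
    return m.groupdict() if m else None


# Excerpt of the first log in this thread (scan of 6/26/2006).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"""

# Excerpt of the second log in this thread (scan of 6/27/2006).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, rest in removed:
        print("removed:", section, "-", rest)
        bho = parse_bho(rest) if section == "O2" else None
        if bho:
            print("   BHO CLSID:", bho["clsid"], "DLL:", bho["path"])
    for section, rest in added:
        print("added:  ", section, "-", rest)
```

The diff works on whole item lines, so an item whose path changed shows up as one removal plus one addition, as the O9 Java entries do in the full logs above (npjpi150_06.dll before, ssv.dll after).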
japangreg
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:46:12 PM 6/27/2006

+ Scan result:



C:\!KillBox\ixt0.dll -> Downloader.Zlob.uf : Cleaned with backup (quarantined).
C:\!KillBox\ixt0.dll( 1) -> Downloader.Zlob.uf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Desktop\hijackthis\backups\backup-20060622-175934-477.dll -> Downloader.Zlob.uf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Desktop\hijackthis\backups\backup-20060623-174950-374.dll -> Downloader.Zlob.uf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Desktop\hijackthis\backups\backup-20060623-183458-156.dll -> Downloader.Zlob.uf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Desktop\hijackthis\backups\backup-20060624-223145-676.dll -> Downloader.Zlob.uf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Desktop\hijackthis\backups\backup-20060624-225347-403.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@cratebarrel.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@indigio.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@marthastewart.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@cratebarrel.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@kohler.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.345:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Amanda\Cookies\amanda@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Greg\Cookies\greg@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.247:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\zxmo2egn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\alsggjbe.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
japangreg


::Report end
japangreg
smitRem © log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Tue 06/20/2006
The current time is: 23:59:34.48

Running from
C:\Documents and Settings\Greg\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 776 'explorer.exe'
Killing PID 776 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)
jurgenv
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    It should have the following icon next to it:
    Select it and click Remove.
  • Then download and install the newest version from here:
After that, post a new HijackThis log + the report from Panda that you forgot to post ;)
japangreg
Oops, sorry - missed that one.

Logfile of HijackThis v1.99.1
Scan saved at 5:53:09 PM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1117493825\ee\AOLHostManager.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\AOL\1117493825\ee\AOLServiceHost.exe
C:\Program Files\yz_dck0083\YzDock.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117493825\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - Startup: Shortcut to YzDock.exe.lnk = C:\Program Files\yz_dck0083\YzDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://apps.universalservice.org/include/wficat.cab
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (EOLUP.Version) - https://apps.universalservice.org/include/eolupcli.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Not sure if this is the Panda scan or not:


Incident Status Location

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@belnk[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@ct.360i[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@i.screensavers[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@searchportal.information[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@target[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Amanda\Cookies\amanda@www47.buydomains[1].txt
jurgenv
Looking good, how is everything working?
japangreg
Wonderfully. Thanks to you.

Thanks again for all your help - it's truly appreciated (and please pass along my thanks to CalamityJane for her kind attention in my other thread).
jurgenv
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.