  1. #1
    Member
    Join Date
    Jul 2006
    Posts
    12
    Points
    0

    Default another hijackthis log

    I'm pretty sure I have a trojan. I opened up firefox and went to google.
    I was then doing something else and it crashed. I have two windows open now that I'm scared to click on

    One says welcome to mozilla quality feedback
    the other is a send report to microsoft but there is no X box in the upper right.

    I've tried virus scans and they find nothing which I know can't be true because I've had critical failures on another machine that eventually wouldn't even start up.

    the logfile is

    Logfile of HijackThis v1.99.1
    Scan saved at 11:56:27 PM, on 7/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
    C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
    C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Adobe2\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Corel\Graphics8\Programs\MFIndexer.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\talkback.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Cary Allen\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.npr.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe2\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe2\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
    O4 - HKLM\..\Run: [untray] C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
    O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
    O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
    O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe2\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
    O4 - Global Startup: CSM VPN Client.lnk = C:\Program Files\CSM\VPN Client\vpngui.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/...l/SymDlBrg.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A769EB95-F2F6-4E2C-9486-63F088AAECFD}: NameServer = 138.67.1.2,138.67.1.3
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\CSM\VPN Client\cvpnd.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    I'm really in between a rock and hard one right now.
    Why didn't I become a gardener or something like that. Why did I choose Physics?

  2. #2
    Member 1972vet's Avatar
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Default

    Your log does not show any malware problem.

    The entry:
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    Has been labeled a "Backdoor Trojan" on many mirror sites hosting HijackThis resources. The file can be harmless. Of course, any file name can be used by malware. Read this before you decide if yours is one that was shipped with your computer...More here.

    I do have some advice however. You are running two Antivirus applications in real time.

    Running two antivirus applications actually reduces your level of protection. You also run the risk of data loss from a complete system crash that the instability can cause. Please decide which to keep and uninstall or disable the other.

    Please run HijackThis again and check the following:
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


    Close all windows except for HijackThis, then click Fix Checked.

    Reboot and post a new HijackThis log. Please advise how the system is performing for you now and if you are having any other issues. Thanks!
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.
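
The triage in the reply above (orphaned "(no file)" entries, a startup item listed by bare file name, and two antivirus products resident at once) can be scripted. The following Python sketch is an added example, not part of any post in this thread and not code from HijackThis; the function names and the folder-name heuristic for spotting antivirus products are assumptions, and the sample input is an excerpt of the log posted in #1.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log from post #1, trimmed to the lines used here.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\explorer.exe

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

# "O2 - ...", "R0 - ...", "O23 - ...": section code, separator, free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of a registry autorun entry: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption: a resident antivirus is recognised by its install folder name.
# Both folder names are taken from the log in post #1.
AV_FOLDERS = {
    "\\norton antivirus\\": "Norton AntiVirus",
    "\\command antivirus\\": "Command AntiVirus",
}


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # numbered entries follow the process list
            entries.append((match.group("code"), match.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def orphaned_entries(entries):
    """Entries whose target file is gone; the reply picked the two O2 ones to fix."""
    markers = ("(no file)", "(file missing)")
    return [(c, b) for c, b in entries if b.rstrip().lower().endswith(markers)]


def pathless_autoruns(entries):
    """O4 Run values given as a bare file name: the log alone cannot show which
    file on disk will run, so the file's location has to be checked by hand."""
    flagged = []
    for code, body in entries:
        match = RUN_RE.match(body) if code == "O4" else None
        if not match:
            continue
        cmd = match.group("cmd").strip()
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        if "\\" not in exe:
            flagged.append((match.group("name"), exe))
    return flagged


def resident_antivirus(processes):
    """Map each antivirus product seen among running processes to its executables."""
    found = defaultdict(list)
    for path in processes:
        lowered = path.lower()
        for folder, product in AV_FOLDERS.items():
            if folder in lowered:
                found[product].append(path.rsplit("\\", 1)[-1])
    return dict(found)


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    for code, body in orphaned_entries(items):
        print("orphaned:", code, "-", body)
    for name, exe in pathless_autoruns(items):
        print("verify location on disk:", name, exe)
    products = resident_antivirus(procs)
    if len(products) > 1:
        print("more than one resident antivirus:", ", ".join(sorted(products)))
```
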

  3. #3
    Member
    Join Date
    Jul 2006
    Posts
    12
    Points
    0

    Default tried your suggestion

    It has taken about an hour to boot.

    This might be because of what you said having too many antivirus?

    I got a task bar up and there are five svchost.exe running

    1st Local service
    2nd Network Service
    3rd System taking 99% of memory
    4th Network
    5th System

    hijackthis is not responding after scan.

    Suggestions for what to do?

  4. #4
    Member
    Join Date
    Jul 2006
    Posts
    12
    Points
    0

    Default I hit the power button

    I decided I was going to burn up my computer, I hit the power button (this is an emachine)

    After awhile it said ending program ccAp.exe, then it ended Bigfix.exe, then it ended explorer.exe, and finally it asked me end now or cancel for another explorer.exe and I hit end now.

    Cary

  5. #5
    Member
    Join Date
    Jul 2006
    Posts
    12
    Points
    0

    Default sorry forgot to add

    and it powered down.

    I should have noted from the beginning that I have system recovery turned off, I've shown all hidden files and shown attributes in windows/system32.

  6. #6
    Member 1972vet's Avatar
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Default

    How long has it been since your last Disk Cleanup and Defrag?

    Copy the text below, between the lines, to Notepad and save it to your Desktop as "Cleantempfiles.bat" but without those quote marks.
    ---------------------------------------------------------
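    rem Delete leftover temporary files from the drive root and the temp folders
    del c:\*.tmp
    del /f "%temp%\*.tmp"
    del "%windir%\prefetch\*.*"
    del /f "%windir%\temp\*.*"
    rem del cannot expand a wildcard in a folder name, so loop over each profile
    for /d %%u in ("C:\Documents and Settings\*") do del /f "%%u\Local Settings\Temp\*.*"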
    ----------------------------------------------------------
    Now double click on the .bat file on your Desktop and answer "Yes" to each question to allow the batch to run. When finished the command prompt window will disappear. Reboot at this point and delete the .bat file on your Desktop.

    Next, click start-->Choose Run in the Start Menu and type or copy and paste the following in the Run box and press ENTER:
    cleanmgr /sageset:1

    What you're doing here is setting up a cleaning profile for Disk Cleanup to use later on. When you type the above, a dialog box will appear with a list of junk file types that you can select for removal. You'll notice, you have more options to choose from here than you would if you were to just open up your cleanmgr from the "All Programs-->Accessories-->Tools" menu. Select which options you want to clean up by putting a check mark in each one but Do not put a check in the box for "Compress old files".
    - Click OK after making your choices.

    Now, copy the text below (between the lines) to Notepad and save it to your Desktop as "CleanUpandDeafrag.bat" but again, without those quote marks:
    --------------------
    @echo off
    cleanmgr /sageset:1
    cleanmgr /sagerun:1
    defrag c:
    @exit
    --------------------

    Now, double click on the .bat file on your Desktop and click "OK".
    When the clean up and defrag complete, reboot your computer. You can save that .bat file and double click on it about once a week to run your automated clean up and defrag with one click so-to-speak.

    Download Ewido anti-spyware to your desktop.
    This is a 30 day free trial. At the end of the 30-day trial period the full version features (active guard, automatic updates...) will be deactivated and the program will become a feature-limited freeware version...You can still keep it and use it for "On Demand" scanning.
    • Double click the icon on the desktop to launch the set up program.
    • Select Change state to inactivate "Resident Shield" and "Automatic Updates". Right click on ewido in the system tray and uncheck "Start with Windows".
    • Once the setup is complete you will need to update the definition files.
    • On the main screen select the icon Update then select the Update now link.
    • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
    • Once in the Settings screen click on Recommended actions and then select Quarantine.
    • Under Reports
    • Select Automatically generate report after every scan
    • Un-Select Only if threats were found


    Close ewido anti-spyware.

    Please boot into Safe mode:

    Restart the computer and immediately begin tapping the F8 key (or F5 on some Dell machines).
    Use the arrow keys to highlight Safe Mode and press the Enter key. Once in safe mode, continue with the instructions below:

    • Launch ewido anti-spyware by double-clicking the icon on your desktop.
    • Select the Scanner icon at the top, then the Scan tab then click on Complete System Scan.
    • ewido will now begin the scanning process, be patient this may take some time.
    • When prompted of an infection, please select Apply all actions


    Once the scan is complete do the following:
    • Next select the Reports icon at the top.
    • Select the Save report as button in the lower left hand of the screen and save it to your Desktop.

    Now close ewido anti-spyware.

    Reboot back into your normal user mode.

    Post back a new HijackThis log along with the log from your Ewido scan, and let us know how the computer is now behaving. Also, please advise if you are still having any issues.

    Thanks!

  7. #7
    Member 1972vet's Avatar
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Default

    I'm curious, how long have you had the Acronis True Image Software?

    I know the Acronis True Image Software will slow your system down, but One Hour to reboot is a bit much.

    There is a forum devoted to Acronis Software at Wilder's Security. Perhaps if you posted the question to those folks, one of them might get right back to you with an answer about that.

  8. #8
    Member
    Join Date
    Jul 2006
    Posts
    12
    Points
    0

    Default cool

    Seems I didn't have the problems I thought. Thanks for your help.

    lots of trackers

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:30:12 PM 7/12/2006

    + Scan result:



    :mozilla.10:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.11:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.12:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.13:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.14:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.15:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.16:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.179:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.17:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.18:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.19:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.20:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.21:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.22:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.23:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.24:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.25:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.26:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.27:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.28:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.29:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.6:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.8:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.9:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@gateway.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@siemens.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.420:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@rotator.dex.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    :mozilla.400:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.401:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.402:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.346:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    :mozilla.347:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    :mozilla.474:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.88:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
    :mozilla.100:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.101:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.102:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.103:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.406:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.98:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.99:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.118:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.119:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.120:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.121:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@e-2dj6wjloemazgeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.356:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.357:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.70:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.71:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.72:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.495:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    :mozilla.496:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
    :mozilla.421:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.422:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.423:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.436:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.437:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.438:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.439:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.440:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.441:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.442:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.443:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.444:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
    :mozilla.236:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.237:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.246:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.41:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.43:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.44:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.45:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.251:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.260:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.128:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.129:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.130:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.282:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.283:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.284:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.285:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.407:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    :mozilla.289:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.290:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.291:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.300:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.301:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.310:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.311:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.312:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.315:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.316:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    :mozilla.84:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
    :mozilla.359:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.360:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.361:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cary Allen\Cookies\cary allen@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.348:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.349:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.350:C:\Documents and Settings\Cary Allen\Application Data\Mozilla\Firefox\Profiles\1jh53d4v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


    ::Report end

    --------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 7:42:01 PM, on 7/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
    C:\Program Files\CSM\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
    C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe2\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Corel\Graphics8\Programs\MFIndexer.exe
    C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
    C:\Documents and Settings\Cary Allen\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.npr.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe2\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe2\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
    O4 - HKLM\..\Run: [untray] C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
    O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
    O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe2\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
    O4 - Global Startup: CSM VPN Client.lnk = C:\Program Files\CSM\VPN Client\vpngui.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/...l/SymDlBrg.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A769EB95-F2F6-4E2C-9486-63F088AAECFD}: NameServer = 138.67.1.2,138.67.1.3
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc)
    Why didn't I become a gardener or something like that. Why did I choose Physics?

  9. #9
    Member 1972vet's Avatar
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Default

    Congratulations, your log looks clean! There is a Java update that you should install. First uninstall your version. Click Start --> Control Panel --> Add/Remove Programs. Scroll down the list and locate each instance of Java (may be listed as something like J2SE Runtime Environment). Click Remove. Reboot when finished uninstalling.

    You can download the latest version of Java here.

    Now that your system is clean, let's create a new restore point.
    Please click "Start > Programs > Accessories > System Tools > System Restore"
    In the new window, check the 'Create a restore point' in the right pane and click "Next".
    In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean)
    Click "Create" and reboot your computer.

    In the future, there are some things you can do to prevent spyware infections:

    Install the following freeware programs:
    SpywareGuard
    Spywareblaster

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    If you do not have a firewall, here are a couple freeware firewalls you can install:
    Kerio Personal Firewall
    Zone Alarm

    Stay updated with the most recent Windows patches using
    Microsoft's Windows Update.

    Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox from http://www.mozilla.org

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Run CCleaner often
    or Disk Cleanup ("Start > Programs > Accessories > System Tools > Disk Cleanup") and check off the following:
    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files

    So how did I get infected in the first place?
    Regards, and Happy Surfing!
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.

  10. #10
    Member
    Join Date
    Jul 2006
    Posts
    12
    Points
    0

    Default thanks

    I've got a lot of invaluable help here. This site and the folks on it are very kind. I'll definitely support this cause. I took all your advice and it seems things are great.

    Thanks again,
    Cary
    Why didn't I become a gardener or something like that. Why did I choose Physics?
