Elusive problem

Ryder Kalamazoo, Mi Icrontian
edited September 2007 in Spyware & Virus Removal
Hi guys,

I have a friend that has an extremely slow PC and I have not been able to find the cause. If you could take a look at this HJT log and let me know if you see anything.

OS is Windows 2000 Pro. EDIT: (you can tell I use HJT a lot can't you... didn't even know that within the first 3 lines, it gave you that info)

Thanks

Logfile of HijackThis v1.97.7
Scan saved at 5:12:03 PM, on 8/9/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WT32EXE.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600 NT\bin\ktchnsnk.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Qualcomm\Eudora Mail\Eudora.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\My Documents\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB} - C:\WINDOWS\system32\gpstool.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP OfficeJet Series 600] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600 NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 600\Install"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\Run: [Startup Manager] "startUp manager.exe"
O4 - Global Startup: Billminder.lnk = C:\Quickenw\billmind.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124858713285
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D7A7442D-85A9-475F-82F9-65ED4110B4C5} (iiittt Class) - http://gpstool.globaladserver.com/v30/gpstool.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = collins-associates.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = collins-associates.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = collins-associates.com

Comments

  • Nuppi South Ostrobothnia (Finland)
    edited August 2007
    Hi RyderOCZ,

    Welcome to icrontic spyware forum.
    Logfile of HijackThis v1.97.7
    

    Newest is 2.02 :D

    Please download HERE HJTInstall.exe
    • Save HJTInstall.exe to desktop.
    • Double-click the HJTInstall.exe icon.
    • It'll assemble hijackthis to folder C:\Program Files\Trend Micro\HijackThis.
    • Click Install.
    • Assembling program makes shortcut to desktop.
    • When assembling is ready, HijackThis starts.
    • Click Do a system scan and save a logfile-button. It'll make a scan and open logfile to notepad.
    • Click first "Edit" > "Select All" then "Edit" > "Copy" and paste it to reply.
    • Please do not USE Analyse This-button, because its findings have to be analyzed by a skilled person.


    Please send new hijacklog
  • Ryder Kalamazoo, Mi Icrontian
    edited August 2007
    Nuppi,

    It may not be the latest version, but can you tell me anything about what I posted?

    I do not have daily access to this machine and my "friend" is not savvy enough to accomplish a new log.

    I will run the newer version when I get over there again, but please tell me if there is anything shown in this version.

    Thanks
  • Nuppi South Ostrobothnia (Finland)
    edited August 2007
    Hi,

    Look at other threads so you can see that there are O18-O24 lines missing in that old version.

    And it's important W2k and XP
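
The point in the post above, that an older HijackThis build leaves out sections a newer one reports, shown as an added example that is not part of the original thread. It parses two logs and lists the section codes and entries that appear only in the newer one; the two inputs are shortened excerpts of the logs posted in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# A HijackThis entry is "<section code> - <detail>", e.g. "O23 - Service: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
VERSION_RE = re.compile(r"^\s*Logfile of (?:Trend Micro )?HijackThis v([\d.]+)")

# Shortened excerpt of the v1.97.7 log from the first post.
OLD_LOG = r"""
Logfile of HijackThis v1.97.7
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Running processes:
C:\WINDOWS\LogWatNT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
O2 - BHO: ohb - {22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB} - C:\WINDOWS\system32\gpstool.dll
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D7A7442D-85A9-475F-82F9-65ED4110B4C5} (iiittt Class) - http://gpstool.globaladserver.com/v30/gpstool.cab
"""

# Shortened excerpt of the v2.0.2 log posted later in the thread.
NEW_LOG = r"""
    Logfile of Trend Micro HijackThis v2.0.2
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    Running processes:
    C:\WINDOWS\LogWatNT.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
    O2 - BHO: ohb - {22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB} - C:\WINDOWS\system32\gpstool.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {D7A7442D-85A9-475F-82F9-65ED4110B4C5} (iiittt Class) - http://gpstool.globaladserver.com/v30/gpstool.cab
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
    O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
"""


def parse_hjt(text):
    """Return (version, {section_code: [detail, ...]}) for one log."""
    version = None
    sections = defaultdict(list)
    for line in text.splitlines():
        m = VERSION_RE.match(line)
        if m:
            version = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return version, dict(sections)


def section_key(code):
    """Sort key so that O9 comes before O10 and R0 after all O sections."""
    return (code[0], int(code[1:]))


def compare_logs(old_text, new_text):
    """List what the newer log reports that the older one does not."""
    old_version, old = parse_hjt(old_text)
    new_version, new = parse_hjt(new_text)
    only_new = sorted(set(new) - set(old), key=section_key)
    new_entries = {}
    for code in sorted(new, key=section_key):
        added = [d for d in new[code] if d not in old.get(code, [])]
        if added:
            new_entries[code] = added
    return {
        "old_version": old_version,
        "new_version": new_version,
        "sections_only_in_new": only_new,
        "new_entries": new_entries,
    }


if __name__ == "__main__":
    report = compare_logs(OLD_LOG, NEW_LOG)
    print("v%s -> v%s" % (report["old_version"], report["new_version"]))
    print("sections only in newer log:", ", ".join(report["sections_only_in_new"]))
    for code, details in report["new_entries"].items():
        for detail in details:
            print("  %s - %s" % (code, detail))
```
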
  • Ryder Kalamazoo, Mi Icrontian
    edited August 2007
    Finally I am back at the client's house... here is the new log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:23:18 PM, on 8/31/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\LogWatNT.exe
    C:\WINDOWS\system32\regsvc.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\System32\WT32EXE.EXE
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\Program Files\RealVNC\WinVNC\WinVNC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600 NT\bin\ktchnsnk.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Qualcomm\Eudora Mail\Eudora.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\freecell.exe
    C:\PROGRA~1\MICROS~1\Office\OUTLOOK.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ohb - {22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB} - C:\WINDOWS\system32\gpstool.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HP OfficeJet Series 600] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600 NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 600\Install"
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
    O4 - HKCU\..\Run: [Startup Manager] "startUp manager.exe"
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
    O4 - Global Startup: Billminder.lnk = C:\Quickenw\billmind.exe
    O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124858713285
    O16 - DPF: {D7A7442D-85A9-475F-82F9-65ED4110B4C5} (iiittt Class) - http://gpstool.globaladserver.com/v30/gpstool.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = collins-associates.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = collins-associates.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = collins-associates.com
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
    O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\System32\WT32EXE.EXE
    O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

    --
    End of file - 6365 bytes
  • Nuppi South Ostrobothnia (Finland)
    edited September 2007
    Hi,

    There is Begin2Search

    Please rescan with hijackthis and check:

    O2 - BHO: ohb - {22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB} - C:\WINDOWS\system32\gpstool.dll

    Close all programs except hijackthis and click fix checked


    Download ATF-Cleaner by Atribune to your desktop.

    Do not run it yet.

    Run ATF Cleaner Under Main choose: Select All
    Click the Empty Selected button.

    If you use Firefox browser Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.


    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • DEselect Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware report.
  • Ryder Kalamazoo, Mi Icrontian
    edited September 2007
    Thanks Nuppi, now I just need to get over there and do all this. :)
  • Nuppi South Ostrobothnia (Finland)
    edited September 2007
    Hi

    I'm glad to do it, but can you send the asked logs :D
  • Ryder Kalamazoo, Mi Icrontian
    edited September 2007
    I will do that...but the PC is not close to me, I have to drive to the client's house which I will be doing on Monday, I hope.

    Thanks
  • Ryder Kalamazoo, Mi Icrontian
    edited September 2007
    Thanks for being patient Nuppi

    Here are the requested logs:

    AVG Anti-Spyware - Scan Report

    + Created at: 4:46:08 PM 9/11/2007

    + Scan result:



    C:\WINDOWS\Downloaded Program Files\APInstall_Tiny.dll -> Adware.AccessMedia : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.momo -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.momo.1 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.momo\CLSID -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.momo\CurVer -> Adware.Begin2Search : Cleaned with backup (quarantined).
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20070911-153301-794.dll -> Adware.Beginto : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.amo -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.amo.1 -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.amo\CLSID -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.amo\CurVer -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.iiittt -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.iiittt.1 -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.iiittt\CLSID -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.iiittt\CurVer -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.ohb -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.ohb.1 -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.ohb\CLSID -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\dsktrf.ohb\CurVer -> Adware.DesktopTraffic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1085031214-789336058-1202660629-1000\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1085031214-789336058-1202660629-1000\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
    C:\My Documents\Hijackthis\backup-20070501-170654-574.dll -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\Program Files\MediaPipe\altpayV2.exe -> Adware.WeirWeb : Cleaned with backup (quarantined).
    C:\Program Files\altpayV2\altpayV2.exe -> Adware.WeirWeb : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\dllcache\DLLCACHE33\nc.exe -> Backdoor.Ncx.a : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\dllcache\DLLCACHE33\temp -> Backdoor.SdBot.ry : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1085031214-789336058-1202660629-1000\Software\Webdialer -> Dialer.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1085031214-789336058-1202660629-1000\Software\Webdialer\5-1-25-514 -> Dialer.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1085031214-789336058-1202660629-1000\Software\Webdialer\li-dimov00001 -> Dialer.Generic : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\13BC86.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\1FE2D707.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\284CDA80.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\31C48F84.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\3E0A7F6A.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\3F8FBCC0.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\431A03DB.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\5055A240.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\558A29D4.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\597C74FB.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\5D07F287.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\60A43E65.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\63F0EA97.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\6B66F8C.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\6BF308A6.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\6D17569A.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\6F83A109.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\7BE97B65.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\7C5CEFD7.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\7FA30F21.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\Phil Collins\360108D8.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\Phil Collins\4774EC65.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    C:\Program Files\Qualcomm\Eudora Mail\spool\Phil Collins\479C7B49.RCV.0.AVB -> Dropper.Zerolin : Cleaned with backup (quarantined).
    :mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.125:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.228:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.40:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.65:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.69:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.71:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.72:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.133:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.247:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.248:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.249:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.134:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.224:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.75:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.76:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.77:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.78:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.121:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.174:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned.
    :mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.127:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.128:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.240:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.241:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.87:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.88:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.89:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned.
    :mozilla.100:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
    :mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
    :mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.219:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.220:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.248:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
    :mozilla.154:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.187:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.140:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Enliven : Cleaned.
    :mozilla.149:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.114:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.175:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.273:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.14:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.183:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.196:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.216:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.219:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.222:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.227:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.231:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.232:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.233:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.26:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.28:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.81:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Information : Cleaned.
    :mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.184:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.79:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.80:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.254:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.213:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.214:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.242:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.243:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.92:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
    :mozilla.199:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
    :mozilla.223:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
    :mozilla.176:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.86:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.256:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.262:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.263:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.264:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.265:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.266:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
    :mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
    :mozilla.139:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.140:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.141:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.142:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.143:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.144:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.145:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.146:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Specificpop : Cleaned.
    :mozilla.178:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.66:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.135:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.136:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.137:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.138:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.241:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.207:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.151:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.61:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.138:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.243:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.244:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.249:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.250:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.252:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.148:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.279:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.280:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.281:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.39:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.7:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Phil\9qv9ijwc.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.22:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.25:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.272:C:\Documents and Settings\PHIL.COLLINS\Application Data\Mozilla\Profiles\Phil\5omq4anp.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:55:52 PM, on 9/11/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\LogWatNT.exe
    C:\WINDOWS\system32\regsvc.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\System32\WT32EXE.EXE
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600 NT\bin\ktchnsnk.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HP OfficeJet Series 600] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600 NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 600\Install"
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
    O4 - HKCU\..\Run: [Startup Manager] "startUp manager.exe"
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
    O4 - Global Startup: Billminder.lnk = C:\Quickenw\billmind.exe
    O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124858713285
    O16 - DPF: {D7A7442D-85A9-475F-82F9-65ED4110B4C5} (iiittt Class) - http://gpstool.globaladserver.com/v30/gpstool.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = collins-associates.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = collins-associates.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = collins-associates.com
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
    O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\System32\WT32EXE.EXE
    O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

    --
    End of file - 6193 bytes
  • NuppiNuppi South Ostrobothnia (Finland)
    edited September 2007
    Hi,

    It looks better now.

    Have you tried this: Slow Computer? Check here first; it may not be malware
  • RyderRyder Kalamazoo, Mi Icrontian
    edited September 2007
    Yep, looks like I am going to have to dig deeper.

    Thanks for the help, thread can be closed :)
  • jmoney3457jmoney3457 Maine
    edited September 2007
    closed @ OP request :)
This discussion has been closed.