Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Adware Slowing Performance: HiJack Log Included [RESOLVED]


  • This topic is locked This topic is locked

#1
Meredia

Meredia

    Member

  • Member
  • PipPip
  • 21 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:42:40 PM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
J:\Program Files\AIM\aim.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\ZyXEL\G360\Gcc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ZyXEL\G360\OdHost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
J:\NeverwinterNights\NWN\nwmain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TP&M=GM5084
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=GM5084
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GM5084
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TP&M=GM5084
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] J:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ZyXEL G-360 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\G360\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - J:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I've already run a good deal of things I already saw reccomended on here... I've run Avast as a scheduled boot scan, Spybot: Search and Destroy, AdAware SE Personal, CCleaner, Registry Repair (from Grisoft), so on, so forth... I've done the cleaning in safe mode, with the system restore disabled, cleaned out cookies, temporary files, temporary internet files, and the recycle bin. Every time, it keeps coming back... And viruses as well, in spite of my ZoneAlarm firewall. I have a feeling it's all related, embedded crap.
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Meredia and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


Please make sure that you ENABLE System Restore. An infected Restore Point is better than no restore point at all. Do not disable your system restore function unless specifically asked to do so by me.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Regards,

Trevuren

  • 0

#3
Meredia

Meredia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
C:\DOCUME~1\OWNER~1.YOU\STARTM~1\Programs\Trust Cleaner FOUND !
C:\DOCUME~1\OWNER~1.YOU\STARTM~1\Programs\Startup\.protected FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OWNER~1.YOU\FAVORI~1

C:\DOCUME~1\OWNER~1.YOU\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Thank you for your assistence, Trevuren!

If this adware continues, I might not be able to sate my rabid gaming habits.

Also, I re-enabled system restore, so no worries there.

Edited by Meredia, 17 September 2006 - 01:33 AM.

  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
  • Download and update Ewido.Please download the trial version of Ewido anti-malware from here:
    http://www.ewido.net/en/download/
    • Install Ewido anti-malware.
    • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
    • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
    • The program will prompt you to update. Click the Ok button.
    • The program will now go to the main screen.
    You will need to update Ewido to the latest definition files.
    • On the left-hand side of the main screen click the Update Button.
    • Click on Start.
    • The update will start and a progress bar will show the updates being installed.
    Once finished updating, close Ewido.

    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido manual updates. Make sure to close Ewido before installing the update.
  • Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
  • Run Smitfraud Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

  • Clean out your Temporary Internet files. Proceed like this:
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

  • Run Ewido. Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
    • Click on Scanner
    • Click on Settings
      • Under How to scan all boxes should be checked
      • Under Unwanted Software all boxes should be checked
      • Under What to scan select Scan every file
      • Click on Ok
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok.

    Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
    • Click Save Report button
    • Save the report to your Desktop
    Close Ewido and Reboot in Normal Mode.

  • Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #3 - Delete Trusted zone by typing 3 and press Enter

    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

  • Post Logs. Please post:
    • c:\rapport.txt
    • Ewido log
    • A new HijackThis log
    Your may need several replies to post the requested logs, otherwise they might get cut off.

  • 0

#5
Meredia

Meredia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
SmitFraudFix v2.90

Scan done at 14:18:13.62, Sun 09/17/2006
Run from C:\New Folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\WINDOWS\local.html Deleted
C:\WINDOWS\onlineshopping.ico Deleted
C:\WINDOWS\removeadware.ico Deleted
C:\WINDOWS\sexpersonals.ico Deleted
C:\WINDOWS\videoslots.ico Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:18:23 PM 9/17/2006

+ Scan result:



J:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned.
J:\WINDOWS\system32\HyperLinker1.exe -> Adware.MDH : Cleaned.
C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : Cleaned.
J:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned.
C:\Software\WarezP2P_TDL.exe -> Downloader.Small : Cleaned.
C:\Software\Install-Errorprotector-Free.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
:mozilla.43:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.523:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.101:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.364:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.394:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.460:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.2o7 : Cleaned.
J:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.491:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.492:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.599:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.10:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.412:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.413:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.414:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.415:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.416:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.417:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.423:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.424:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.425:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.429:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.430:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.431:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.432:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.433:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.434:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.435:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.456:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.457:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.6:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.7:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.821:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.8:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.9:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.562:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.563:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.564:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.612:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.613:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.614:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.615:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.616:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.617:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.618:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.619:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.620:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.89:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.90:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.482:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adtech : Cleaned.
:mozilla.483:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Adtech : Cleaned.
:mozilla.768:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.769:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.155:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.156:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.157:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.158:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.159:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.63:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.64:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.76:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Advertising : Cleaned.
J:\Documents and Settings\Laura\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.105:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.37:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.65:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.197:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Bfast : Cleaned.
:mozilla.732:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.82:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.436:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.761:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.373:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.374:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.375:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.278:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.359:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.279:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.280:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.361:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.362:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.121:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.125:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.126:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.127:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.128:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.129:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.28:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.32:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.33:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.911:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Clickbank : Cleaned.
:mozilla.528:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Clickhype : Cleaned.
:mozilla.375:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Com : Cleaned.
:mozilla.376:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Com : Cleaned.
:mozilla.507:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.622:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Comclick : Cleaned.
:mozilla.623:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Comclick : Cleaned.
:mozilla.624:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Comclick : Cleaned.
:mozilla.471:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.130:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.22:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.35:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.659:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Esomniture : Cleaned.
J:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.621:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Estat : Cleaned.
:mozilla.454:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.455:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
J:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.11:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.12:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.13:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.14:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.15:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.16:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.178:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.17:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.181:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.182:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.183:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.184:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.185:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.335:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.336:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.337:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.338:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.339:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.534:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.535:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.536:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.537:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.538:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.131:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.132:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.133:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.134:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.294:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.295:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.296:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.55:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.56:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.57:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.165:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.391:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.456:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.491:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.578:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.194:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.195:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.29:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.30:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.436:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.437:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.440:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.446:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.466:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.497:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.611:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.627:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.631:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.638:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.642:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.677:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.679:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.680:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.681:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.713:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.714:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.728:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.734:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.735:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.771:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.829:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.830:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.831:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.833:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.469:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.470:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.471:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.472:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.480:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.253:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.254:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.110:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.111:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.112:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.14:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.15:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.16:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.17:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.543:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.544:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.556:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.557:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.759:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.760:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.761:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.762:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.764:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.685:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.143:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.144:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.217:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.218:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.75:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.502:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.503:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.504:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.21:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.22:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.234:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.235:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.23:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.24:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.337:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.97:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.145:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.146:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.147:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.148:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.182:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.183:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.184:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.185:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.186:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.73:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.85:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.86:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.88:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.343:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.344:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.438:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Qksrv : Cleaned.
:mozilla.439:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Qksrv : Cleaned.
:mozilla.114:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.115:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.153:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.154:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.155:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.156:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.91:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.150:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Revenue : Cleaned.
:mozilla.151:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Revenue : Cleaned.
:mozilla.152:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Revenue : Cleaned.
:mozilla.153:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Revenue : Cleaned.
:mozilla.154:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Revenue : Cleaned.
:mozilla.697:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.140:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.141:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.142:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.143:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.144:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.145:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.146:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.411:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.418:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.419:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.420:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.421:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.422:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.107:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.108:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.109:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.110:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.111:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.113:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.223:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.224:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.225:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.226:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.227:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.395:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.396:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.397:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.398:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.399:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.400:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.401:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.402:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.403:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.404:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.548:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.549:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.550:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.551:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.552:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.553:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.554:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.555:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.556:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.557:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.558:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.559:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.560:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.561:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.562:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.563:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.564:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.565:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.566:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.567:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.568:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.569:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.570:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.571:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.572:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.573:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.574:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.575:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.576:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.577:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.578:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.579:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.580:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.581:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.582:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.583:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.584:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.585:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.586:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.587:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.588:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.589:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.590:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.591:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.592:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.593:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.594:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.595:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.596:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.597:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.408:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.661:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.662:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.663:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.664:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.665:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.666:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.667:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.668:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.669:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.670:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.671:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Sexlist : Cleaned.
:mozilla.231:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Specificclick : Cleaned.
:mozilla.232:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Specificclick : Cleaned.
:mozilla.233:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Specificclick : Cleaned.
:mozilla.234:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Specificclick : Cleaned.
:mozilla.54:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.56:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.74:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.75:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.76:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.479:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.257:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.258:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.259:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.260:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.261:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.262:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.263:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.264:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.265:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.266:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.267:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.268:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.269:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.270:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.271:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.272:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.273:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.274:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.275:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
Continued in next post

Edited by Meredia, 17 September 2006 - 03:38 PM.

  • 0

#6
Meredia

Meredia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
:mozilla.276:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.277:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.326:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.327:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.328:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.329:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.330:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.331:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.123:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.125:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.129:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.136:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.140:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.142:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.242:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.345:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.49:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.50:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.51:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.52:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.53:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.122:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.123:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.124:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.288:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Targetnet : Cleaned.
:mozilla.772:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.325:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.327:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.328:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.329:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.330:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.331:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.332:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.333:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.55:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.57:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.58:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.59:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.67:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.71:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.72:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.73:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.520:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.179:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.180:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.368:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.566:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.567:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.568:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.569:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.570:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.571:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.785:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.786:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.787:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.788:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.789:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.790:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Valuead : Cleaned.
:mozilla.525:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Valueclick : Cleaned.
:mozilla.526:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Valueclick : Cleaned.
:mozilla.527:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Valueclick : Cleaned.
:mozilla.643:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.304:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Web-stat : Cleaned.
:mozilla.305:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Web-stat : Cleaned.
:mozilla.306:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Web-stat : Cleaned.
:mozilla.90:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.91:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.355:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.643:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.781:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.484:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.283:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.284:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.284:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.285:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.285:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.286:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.286:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.287:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.287:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.289:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.290:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.291:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.292:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.293:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Yieldmanager : Cleaned.
J:\Documents and Settings\Laura\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.117:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\4it1ryva.Laura\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.301:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.302:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.303:J:\FOUND.005\FILE0000.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.85:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.86:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.87:J:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\kmor8y8d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
J:\Corel\Graphics8\Programs\comreg.exe -> Worm.Magistr.a.poly : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 4:29:56 PM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
J:\Program Files\AIM\aim.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ZyXEL\G360\Gcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\ZyXEL\G360\OdHost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TP&M=GM5084
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] J:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ZyXEL G-360 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\G360\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - J:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


... What's up with all the frickin' sex cookies?
  • 0

#7
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Cookies: Your machine!!

Please disable ProcessGuard as it may interfere with our fix

ProcessGuard
1. Right-click the blue lock ProcessGuard icon located in the system tray.
2. Uncheck 'protection enabled'
3. Click yes

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
    O4 - Startup: .protected


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer (Windows Key + E), locate the following file, and DELETE it (if still present):

    C:\WINDOWS\local.html<==File

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

In addition:

Please do an online scan with Kaspersky Online Virus Scanner (Use Internet Explorer as your Browser)

Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Next Click on Free Virus Scanner, then Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information into your next post and tell me if you are aware of any more problems with your system that could be malware related.
Regards

Trevuren

  • 0

#8
Meredia

Meredia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I'm not aware of any other problems other than the continual IE ad-based popup on the computer, but apparently in spite of my firewall's protection I've gotten more than my fair share of crap. Haven't done the scans yet due to time constraints and need of the PC, but I did do the scan:

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3369727113_262144_27565 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{6A6778EC-5675-436B-944C-8BD83BC38998}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Aim\gakummpi\MerediaVelies\cert8.db Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Aim\gakummpi\MerediaVelies\key3.db Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_96C8_DA16_C8D9_F489\dfsr.db Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_96C8_DA16_C8D9_F489\fsr.log Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_96C8_DA16_C8D9_F489\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_96C8_DA16_C8D9_F489\tmp.edb Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\History\History.IE5\MSHist012006091720060918\index.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DFBF4B.tmp Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DFDFA.tmp Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DFE5F.tmp Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DFF3F9.tmp Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DFF5A2.tmp Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\LOG\ERRORLOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\YOUR-2CE3A83D6A.ldb Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B009002F-BBF8-47D4-986D-BF2CE265FB38}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{65701594-3EAA-4E5C-9649-56C805856AE4}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_29c.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_860.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT00e8c.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT04406.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
J:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\18130000.VBN Infected: Email-Worm.Win32.Bagle.z skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip ZIP: infected - 4 skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-58d74376.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-58d74376.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-58d74376.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-58d74376.zip ZIP: infected - 3 skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-162be4ef.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-162be4ef.zip ZIP: infected - 1 skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip ZIP: infected - 4 skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-604b0ca8.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-604b0ca8.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-604b0ca8.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-604b0ca8.zip ZIP: infected - 3 skipped
J:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\change.log Object is locked skipped
  • 0

#9
Meredia

Meredia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Did ask you asked... But it REFUSED to let me fix O4 - Startup: .protected ! It said it was in use, and no matter what I did and what I closed, it was still in use. I don't know what running process I have going that's using it which is causing it to kick me like a wounded puppy, but it won't budge.

Logfile of HijackThis v1.99.1
Scan saved at 1:42:38 AM, on 9/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
J:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ZyXEL\G360\Gcc.exe
C:\Program Files\ZyXEL\G360\OdHost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TP&M=GM5084
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] J:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ZyXEL G-360 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\G360\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - J:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#10
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please delete the following file. Use Safe Mode if need be.

C:\Software\Install-Errorprotector-Free.exe

If the popup is still occuring, please attempt to tell me what it refers to.

Please dowmload Silent Runners. RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As")
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Trevuren

Edited by Trevuren, 18 September 2006 - 01:45 PM.

  • 0

Advertisements


#11
Meredia

Meredia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
File was deleted without an issue.

It's so interesting to do this while trying to make a wild orphaned baby rabbit eat with a non-cooperative tube...

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{C8D9F489-089C-1033-0330-060316060001}" = ""C:\Program Files\Common Files\{C8D9F489-089C-1033-0330-060316060001}\Update.exe" mc-110-12-0000272" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"AIM" = "J:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Labtec Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Labtec Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Labtec Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{54F0427C-3DA1-4CB2-80D9-D71D10C6BE7F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\pmnll.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"
-> {HKLM...CLSID} = "My Labtec Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Labtec Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{0873D142-79EF-49fa-81B5-211AAC0B0A7F}" = "Target Finder Shell Extension"
-> {HKLM...CLSID} = "TargetFinderShlExt Class"
\InProcServer32\(Default) = "C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\TargetFinder.dll" [empty string]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Userinit" = "C:\WINDOWS\system32\userinit.exe,userinit.exe" [MS], [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! pmnll\DLLName = "C:\WINDOWS\system32\pmnll.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

H:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

H:\i386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

H:\updgoi\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]


Startup items in "Owner" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Start Menu\Programs\Startup
INFECTION WARNING! ".protected" [null data]
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Service Manager" -> shortcut to: "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]
"ZyXEL G-360 Wireless Adapter Utility" -> shortcut to: "C:\Program Files\ZyXEL\G360\Gcc.exe" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "J:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
Messenger Sharing USN Journal Reader service, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
MSSQL$MICROSOFTSMLBIZ, MSSQL$MICROSOFTSMLBIZ, ""C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ" [MS]
MSSQL$SOPHOS, MSSQL$SOPHOS, "C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe -sSOPHOS" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PrismXL, PrismXL, "C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS" ["New Boundary Technologies, Inc."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 84 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 11 seconds.
---------- (total run time: 113 seconds)
  • 0

#12
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
There appear to be a few other things going on here that were not evident in your HJT log. There may some Vundo trojan involvement, some Trust Cleaner issues and possibly some Alcan trojan activity. We'll take them one at a time. I believe that this is evidence of partial infection removal accomplished by all the tools that you used before posting. (Not complaining, just explaining :whistling: )

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot

Regards,

Trevuren

  • 0

#13
Meredia

Meredia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
VundoFix V6.1.5

Checking Java version...

Java version is 1.5.0.2

Scan started at 6:58:17 PM 9/18/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\llnmp.bak2
C:\Program Files\Common Files\{C8D9F489-089C-1033-0330-060316060001}\services.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\pmnll.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\llnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\llnmp.bak2
C:\WINDOWS\system32\llnmp.bak2 Has been deleted!

Attempting to delete C:\Program Files\Common Files\{C8D9F489-089C-1033-0330-060316060001}\services.dll
C:\Program Files\Common Files\{C8D9F489-089C-1033-0330-060316060001}\services.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.5

Checking Java version...

Java version is 1.5.0.2

Scan started at 7:02:31 PM 9/18/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmnll.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\pmnll.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 11:44:36 AM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
J:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZyXEL\G360\Gcc.exe
C:\Program Files\ZyXEL\G360\OdHost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
J:\NeverwinterNights\NWN\nwmain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TP&M=GM5084
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54F0427C-3DA1-4CB2-80D9-D71D10C6BE7F} - C:\WINDOWS\system32\pmnll.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] J:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ZyXEL G-360 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\G360\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - J:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#14
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Well that surely was well worth the effort!. Let's see if there are any traces of the Alcan trojan.

1. Please update your Ewido definitions.

Do Not run a scan just yet

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
  • Close Ewido and reboot your system back into Normal Mode.
6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.


Regards,

Trevuren

  • 0

#15
Meredia

Meredia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:02:22 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
J:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZyXEL\G360\Gcc.exe
C:\Program Files\ZyXEL\G360\OdHost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TP&M=GM5084
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54F0427C-3DA1-4CB2-80D9-D71D10C6BE7F} - C:\WINDOWS\system32\pmnll.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] J:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ZyXEL G-360 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\G360\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - J:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:17:17 PM 9/19/2006

+ Scan result:



J:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\A0000097.dll -> Adware.Aws : Cleaned.
J:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\A0000099.exe -> Adware.MDH : Cleaned.
J:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1\A0000098.dll -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temporary Internet Files\Content.IE5\FGQI1T3V\ErrorSafeNewReleaseInstall[1].cab/UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
:mozilla.29:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP