Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problem involving win anti virus 2006 (i think)


  • Please log in to reply

#1
macwilson

macwilson

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I have had a look through previous threads and have followed all advice that I can find, although I know that none of it is specifically tailored to me, it's worth having a go!

I am having some difficulties today after opening a website which proceeded to inform me that someone else was looking at my computer and automatically began to install something called Win Virus Fixer 2006, which I suspected wasn't legitimate (correctly, I hope!) I cancelled the installation although it seems that the damage has been done as a yellow exclamation mark "critical system warning" bubble keeps appearing (every 30 seconds or so) from my toolbar telling me that my system is suffering from tremendous slowdown as a result of whatever trojan it says has been installed, and requests that I click it to download anti-virus software. The spelling on this bubble is incorrect so again I am suspicious and clicking it leads to a site called pestcontrol.com, or one of several others all of which attempt to get me to install some anti virus software.

I have checked my system and there appears to be no slowdown at all, so I am certain this is all a bit of a hoax.
It's an inconvienience though, so I hope that you can help me.

My HijackThis report.

Logfile of HijackThis v1.99.1
Scan saved at 23:59:50, on 28/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\VideoKeyCodec\isamonitor.exe
C:\Program Files\VideoKeyCodec\isamini.exe
C:\Program Files\VideoKeyCodec\pmsngr.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\VideoKeyCodec\pmmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del.......;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager...unttracking.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.123.238.2...sCamControl.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.move2midu...om/h263ctrl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://hall-tirol.dy...activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42176A36-9CAF-4E95-8FAE-C3D0FA07D901}: NameServer = 212.139.132.6 212.139.132.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

I also ran ewido as instructed by yourselves and got this log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:34:48 28/10/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-3177095515-1225495575-2874327195-1005\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DC6_check -> Adware.Systemdoctor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} -> Adware.VirusBurst : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\contrabandists -> Adware.VirusBurst : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-3177095515-1225495575-2874327195-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\Documents and Settings\David Wilson\My Documents\BitTorrent Downloads\WinAntiVirusPro2006FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.511:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.512:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.221:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.225:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.226:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.227:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.228:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.229:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.230:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.232:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.233:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.234:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.235:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.236:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.593:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.653:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.658:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.330:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.331:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.138:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.142:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.143:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.174:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.176:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.177:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.542:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.543:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.544:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.545:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.390:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.391:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.46:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.495:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.169:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.726:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.131:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.144:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.145:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.146:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.527:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.528:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.529:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.530:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.531:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.532:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.328:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.329:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.222:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.223:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.224:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.702:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.784:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.41:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.378:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.965:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.59:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.60:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.61:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.62:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.63:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.812:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.813:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.814:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.815:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.816:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.170:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.171:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.172:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.712:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.431:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.676:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.348:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.349:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.350:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.556:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.573:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.577:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.583:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.612:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.613:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.677:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.969:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.977:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.563:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.78:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.124:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.125:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.678:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.679:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.680:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.305:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.306:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.307:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.308:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.202:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.203:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.75:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.76:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.77:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.102:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.103:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.104:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.105:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.106:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.107:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.108:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.109:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.110:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.99:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.411:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.412:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.284:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.285:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.286:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.287:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.288:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.291:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.614:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.624:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.113:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.975:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.976:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.294:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.295:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.296:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.297:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.298:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.300:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.301:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.302:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.303:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.139:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.140:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.141:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.147:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.539:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.647:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.648:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.649:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.650:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.137:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.173:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.175:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.738:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.739:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.740:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.741:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.846:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.847:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.848:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.16:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.114:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.115:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.116:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.117:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.118:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.119:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.121:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.122:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.663:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.664:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.665:C:\Documents and Settings\David Wilson\Application Data\Mozilla\Firefox\Profiles\oaih3kjd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


I have also done a Spy Sweeper sweep

10:31: Removal process completed. Elapsed time 00:00:45
10:31: A reboot was required but declined.
10:30: Quarantining All Traces: malwarewipe cookie
10:30: Quarantining All Traces: virusburst fakealert
10:30: Quarantining All Traces: Troj/Zlobun-Gen
10:30: Quarantining All Traces: trojan-downloader-zlob
10:30: C:\Program Files\VideoKeyCodec\isamonitor.exe is in use. It will be removed on reboot.
10:30: C:\Program Files\VideoKeyCodec\isaddon.dll is in use. It will be removed on reboot.
10:30: C:\Program Files\VideoKeyCodec\isamonitor.exe is in use. It will be removed on reboot.
10:30: Troj/Zlobla-Gen is in use. It will be removed on reboot.
10:30: Quarantining All Traces: Troj/Zlobla-Gen
10:30: Quarantining All Traces: Troj/Zlobie-Gen
10:30: Removal process initiated
10:29: Traces Found: 20
10:29: Custom Sweep has completed. Elapsed time 01:30:34
10:29: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || pmsngr.exe (ID = 1588712)
10:29: File Sweep Complete, Elapsed Time: 01:28:42
10:26: Warning: AntiVirus engine returned [File Corrupted] on [c:\documents and settings\david wilson\desktop\mods\latinvoicemod.zip]
10:25: Warning: AntiVirus engine returned [File Corrupted] on [c:\documents and settings\david wilson\desktop\mods\new folder\1625-1.0mdbm-the weather wizard with arena fix-tessource.rar]
10:25: Warning: Stream read error
10:23: Warning: Stream read error
10:17: Warning: Stream read error
10:16: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterfirewalldisablenotify.zip]
10:16: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify.zip]
10:15: Warning: Failed to access drive J:
10:15: Warning: Failed to access drive I:
10:15: Warning: Failed to access drive H:
10:15: Warning: Failed to access drive G:
10:15: Warning: Failed to access drive F:
10:15: Warning: Failed to access drive E:
10:12: Warning: AntiVirus engine returned [Access Denied] on [c:\documents and settings\david wilson\local settings\temp\~df7b5b.tmp]
10:12: Warning: Failed to open file "c:\documents and settings\david wilson\local settings\temp\~df7b5b.tmp". The operation completed successfully
10:06: Warning: AntiVirus engine returned [Access Denied] on [c:\pagefile.sys]
10:06: Warning: AntiVirus engine returned [Access Denied] on [c:\hiberfil.sys]
09:58: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
09:58: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
09:37: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se personal\skins\ad-aware se default.ask]
09:35: Warning: AntiVirus engine returned [File Corrupted] on [c:\program files\microsoft office\templates\1033\contmltr.dot]
09:35: Warning: AntiVirus engine returned [File Corrupted] on [c:\program files\microsoft office\templates\1033\contemporary memo.dot]
09:34: Warning: AntiVirus engine returned [File Corrupted] on [c:\program files\microsoft office\templates\1033\label.wiz]
09:31: Warning: AntiVirus engine returned [File Encrypted] on [c:\downloads\aawsepersonal.exe]
09:19: C:\System Volume Information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP285\A0042266.dll (ID = 0)
09:17: C:\System Volume Information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP282\A0042167.dll (ID = 0)
09:16: Warning: AntiVirus engine returned [File Corrupted] on [c:\program files\adobe\acrobat 6.0\reader\messages\enu\read6000win_enudell0001.pdf]
09:12: C:\Program Files\VideoKeyCodec\iesuninst.exe (ID = 0)
09:12: Found Troj/Zlobun-Gen: Troj/Zlobun-Gen
09:11: C:\Program Files\VideoKeyCodec\isauninst.exe (ID = 354604)
09:06: C:\Program Files\VideoKeyCodec\iesplugin.dll (ID = 0)
09:06: C:\Program Files\VideoKeyCodec\isamonitor.exe (ID = 0)
09:06: C:\System Volume Information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP283\A0042181.dll (ID = 0)
09:05: C:\Program Files\VideoKeyCodec\isaddon.dll (ID = 0)
09:05: C:\System Volume Information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP286\A0042347.dll (ID = 0)
09:00: Starting File Sweep
09:00: Cookie Sweep Complete, Elapsed Time: 00:00:00
09:00: c:\documents and settings\david wilson\cookies\david [email protected][2].txt (ID = 6467)
09:00: Found Spy Cookie: malwarewipe cookie
09:00: Starting Cookie Sweep
09:00: Registry Sweep Complete, Elapsed Time:00:00:18
09:00: HKU\S-1-5-21-3177095515-1225495575-2874327195-1005\software\internet security\ (ID = 1553896)
09:00: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {dfa61db1-388e-4c87-8d56-540fa229bcb4} (ID = 1734933)
09:00: Found Adware: virusburst fakealert
09:00: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {dfa61db1-388e-4c87-8d56-540fa229bcb4} (ID = 1734933)
09:00: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || isamonitor.exe (ID = 1704149)
09:00: HKLM\software\microsoft\windows\currentversion\uninstall\safety alerter 2006\ (ID = 1619495)
09:00: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || pmsngr.exe (ID = 1595540)
09:00: Found Trojan Horse: trojan-downloader-zlob
09:00: Starting Registry Sweep
09:00: Memory Sweep Complete, Elapsed Time: 00:01:31
08:59: Detected running threat: C:\Program Files\VideoKeyCodec\isamonitor.exe (ID = 0)
08:59: Detected running threat: C:\Program Files\VideoKeyCodec\isaddon.dll (ID = 0)
08:59: Found Troj/Zlobla-Gen: Troj/Zlobla-Gen
08:59: Detected running threat: C:\Program Files\VideoKeyCodec\iesplugin.dll (ID = 0)
08:59: Found Troj/Zlobie-Gen: Troj/Zlobie-Gen
08:58: Warning: Could not find a spy with ID "0"
08:58: Starting Memory Sweep
08:58: Start Custom Sweep
08:58: Sweep initiated using definitions version 783
08:58: Spy Sweeper 5.2.3.2120 started
08:58: | Start of Session, 29 October 2006 |
********
08:58: | End of Session, 29 October 2006 |
08:58: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
08:58: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
08:53: Shield States
08:53: Informational: Loaded AntiVirus Engine: 2.38.2; SDK Version: 4.10; Virus Definitions: 28/10/2006 07:47:40 (GMT)
08:53: Spyware Definitions: 783
08:52: Spy Sweeper 5.2.3.2120 started
08:52: Spy Sweeper 5.2.3.2120 started
08:52: | Start of Session, 29 October 2006 |
********
The new Hijack This report after the sweep

Logfile of HijackThis v1.99.1
Scan saved at 10:35:42, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VideoKeyCodec\pmsngr.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\VideoKeyCodec\pmmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del.......;l=en&s=gen
R0 - HKLM\Software\Microsof

Edited by macwilson, 29 October 2006 - 04:42 AM.

  • 0

Advertisements


#2
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP