25 replies to this topic

[Dennis K]

I recently began getting constant alerts that my anti-virus program (Symantec) was constantly finding a virus. awvtu.dll was the problem indicated. I restored my computer (systems restore) back to a few days and that took care of the constant cirus alerts.

I tried to run Adaware, but every time it starts running, maybe 2 seconds later, my computer crashes and I'm left with a blue screen. I turned off systems restore and re-booted into safemode.
I installed and ran Vundofix and found that dll file and deleted it.

However, I still cannot turn on the anti virus Real Time Protection. Also, when I try to update the DEF files, it says it's already up to date, even though they are dated March 6.

Please see the copied HJT log data. Can you tell me if my problems are being caused by a virus, trojan, worm, or something?

Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 12:53:08 AM, on 4/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Anna\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\Anna\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\u863wc3i.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\u863wc3i.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Anna\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://crystal.loui...tiveXViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85FBF0B4-B1B2-45B0-AA37-32C636E71477}: NameServer = 216.24.27.3 216.24.27.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

[little eagle]

Close all programs leaving only HijackThis running. Place a check against each of the following,

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode

Using Windows Explorer, locate the following files/folders, and delete them:

C:\Program Files\Viewpoint
Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we will take another look.

[Dennis K]

Thanks for taking a look. Here's the new log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:12 PM, on 4/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\Anna\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\u863wc3i.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\u863wc3i.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Anna\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://crystal.loui...tiveXViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


I can see a few things I'd like to get rid of already.
The PHPGeekUtil can be deleted since I don't use that version any longer and the apache files I now use are in a different location. I'd like to stop the Musicmatch Jukebox files from loading all the time as well, if possible, since it's only used occassionally. Do you know how to do that too?

I find it frustrating to have things running on my computer when I don't know what they are or why they are there. So I really appreciate you helping me learn how to clean my system.

Thanks.

Dennis

[little eagle]

Spybot S&D lets you kill the 04's, the startups. Start Spybot click mode at the top left,
make sure that advanced mode is checked. Then click on tools on the lower left.
Then system startup, to the right is a double arrow bar click it to expand.
Now clicking on a value you will get a description of the command line. Removing the green
check mark will stop the startup, should you decide that you need or want it back just
replace the check mark. Restarting your PC will complete the change.


These are not really necessary

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

This will give you an idea of what we are looking at.
http://www.spywarein...ogtutorial.html

[Dennis K]

Thanks for the link. The information is very helpful

I was able to run SpyBot and Adaware and remove about six critical threats.
Unfortunately, I am still having a few problems with Symantec and Firefox.

I cannot enable realtime virus protection even though the option for this is checked. A message pops up every once in a while stating that Reatime Protection has been Disabled. There is also an exclaimation mark on the icon in the systems tray indicating realtime protection is disabled.
When I try to update the virus definition files, it downloads the files and goes through the install process as expected. However, it still says the last update was performed on 04/06 and it will repeat the download/install process as many times as I want.

Also, I can only open Firefox some of the time. Lately, it starts to launch but then crashes.

I don't know if these two issues are related or have to do with the hidden malware or not. If I re-install the anti virus software and the browser, will the problem simply re-appear?

Here is the latest HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:27:02 PM, on 4/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\u863wc3i.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\u863wc3i.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://crystal.loui...tiveXViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85FBF0B4-B1B2-45B0-AA37-32C636E71477}: NameServer = 216.24.27.3 216.24.27.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

If it helps any, the entry for 017HKLM... (216.24.27.3) is my ISP.
Thanks for the continued support.

Dennis

[little eagle]

Click start > control panel > user accounts > change the way users log on or off > uncheck fast user switching > restart you computor.

Download, unzip and run 'RootkitRevealer' from Sysinternals:
http://www.sysintern...itRevealer.html
Once the program has started, press Scan and let it run.
When the scan is done, use 'File > Save' to place the logfile in a convenient location (such as the desktop). The default filename will be 'RootkitReveal.txt'.

Save your Log File
Copy/Paste the contecnts of that logfile into your next reply

NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

That way you should have a much simpler and clearer log file in which to peruse and evaluate.

[Dennis K]

I ran the RootKit Revealer this evening as per your instructions. Two items found. HKLM\S-1-5-21-3890977962-3147360271-2142131013-1007\RemoteAccess\InternetProfile 5/24/2004 12:17 AM 7 bytes Data mismatch between Windows API and raw hive data. HKLM\SOFTWARE\Hewlett-Packard\DigitalImaging\hp psc 1400 series\DeviceInstances\1122947121\Functions\Scan\LastScanToRestore 5/1/2006 7:33 PM 114 bytes Data mismatch between Windows API and raw hive data. I also tried to run my anti-virus scan manually (since it doesn't run as scheduled or in realtime), and the error message says, "Symantec AntiVirus could not asscess the scan engine. Please ensure the product is properly installed." At some point I guess I'll have to uninstall and/or re-install the software. Making sure the system is clean first seems to be prudent though. Thanks for being patient. Dennis

[little eagle]

Download Ewido Security Suite it is a trial version of the program.

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• During some scans with ewido it is finding cases of false positives.
• You will need to step through the process of cleaning files one-by-one.
• If ewido detects a file you KNOW to be legitimate, select none as the action.
• DO NOT select "Perform action on all infections"
• If you are unsure of any entry found select none for now.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here.
With a new hijackthis log.

[Dennis K]

It took a couple tries, but I finally got it scanned and files removed. --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 11:36:22 PM, 5/2/2006 + Report-Checksum: 4D1C40B + Scan result: :mozilla.10:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.11:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.12:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.13:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.14:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.15:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.16:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.17:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.18:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.19:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.20:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.43:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.50:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.51:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.52:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.53:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.54:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.55:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.56:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.57:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.61:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.62:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.63:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.64:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.65:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.66:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.67:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.68:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.69:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.71:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.72:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.73:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.74:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.75:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.76:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.77:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.87:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.91:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup :mozilla.92:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.96:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.97:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.98:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.99:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup :mozilla.107:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.118:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.119:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.120:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.121:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.144:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.145:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.146:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.147:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.149:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.150:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.151:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.153:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.162:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.164:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.165:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.166:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.167:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.190:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.205:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.217:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup :mozilla.222:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup :mozilla.229:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.230:C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\em1ii263.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.6:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.7:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.8:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.9:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.10:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.11:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.12:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.13:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.14:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.15:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.16:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.18:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.19:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.20:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.21:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.22:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.39:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.40:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.41:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.42:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.43:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.44:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.45:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.47:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.51:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.53:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.54:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.57:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.58:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.62:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.63:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.64:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.65:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.74:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.75:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.76:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.81:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.90:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.99:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.100:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.103:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.104:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.107:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.111:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup :mozilla.112:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup :mozilla.122:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.123:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.124:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.125:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.126:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.137:C:\Documents and Settings\Anna\Application Data\Mozilla\Profiles\default\jxuvfimc.slt\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Anna\Desktop\Under The Leaves\Anna's Things\Anna'a Web\Zelda Classic\thank.exe -> Hijacker.StartPage : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\180sainstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\180sainstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\Cookies\anna@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\Del4E.tmp -> Downloader.Small.asf : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\res4F.tmp -> Adware.180Solutions : Cleaned with backup :mozilla.22:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.32:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.33:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.40:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.104:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.105:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.124:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.125:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.141:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.142:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.143:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.144:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.145:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.146:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.147:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.148:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.149:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.150:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.151:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.152:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.153:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.156:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.157:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.158:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.159:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.167:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.168:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.182:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.213:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.238:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.239:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.248:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.259:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.260:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.262:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.263:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.270:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.271:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup :mozilla.272:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup :mozilla.278:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.282:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup :mozilla.283:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.295:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup :mozilla.299:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.300:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.301:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.302:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.303:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.304:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.305:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.307:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.313:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.319:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.320:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.321:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.322:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.328:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.329:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.330:C:\Documents and Settings\Cathy\Application Data\Mozilla\Firefox\Profiles\rc3d50dr.default\cookies.txt -> TrackingCookie.Ad-logics : Cleaned with backup :mozilla.6:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.7:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.9:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.10:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.37:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.38:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.42:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.43:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.44:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.45:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.46:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.47:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.48:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.49:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.50:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.51:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.52:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.53:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.54:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.55:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.56:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.57:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.58:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.59:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.60:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.61:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.63:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.64:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.65:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.68:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.70:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.71:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.72:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.73:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.74:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.77:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.79:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.80:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.81:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.82:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.83:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.84:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.85:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.86:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.87:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.88:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.89:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.90:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.91:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.94:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.95:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.96:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.100:C:\Documents and Settings\Cathy\Application Data\Mozilla\Profiles\default\aiu3qq1s.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.28:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.29:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.30:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.31:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.32:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.33:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.40:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.42:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup :mozilla.43:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.44:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.46:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.47:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.48:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.49:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.50:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.51:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.52:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.53:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.54:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.61:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.66:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.67:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup :mozilla.70:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.71:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.72:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.73:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup :mozilla.83:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.84:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.85:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.87:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup :mozilla.88:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup :mozilla.89:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.92:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.93:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.98:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.100:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.116:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.117:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.137:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.140:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.141:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.142:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.143:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.146:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.147:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.148:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.149:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy (2) of u863wc3i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.29:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.30:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.31:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.32:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.33:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.34:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.41:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.43:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup :mozilla.44:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.45:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.47:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.48:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.49:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.50:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.51:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.52:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.53:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.54:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.55:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.62:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.67:C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\Copy of u863wc3i.default\co

[little eagle]

Download MsnVirRem and save it to your Desktop. Once in place, double click the exe, and that will extract the files to your desktop. This will create another folder called MsnVirRem. Dont Run Anything Yet.
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Inside that folder (MsnVirRem) is a file called MsnVir.bat . Double-click on this file to launch the Fix. Once it is launched, You will be prompted to either Run the fix (Press Enter) or exit without making changes (Close the window). Please take your pick. This program will scan for files that meet certain parameters that are native to the Chod series of worms, this can take some time so please let it finish.

When it is done the DOS window will disappear and in the MsnVirRem Folder will be a log of all files removed.
Paste that back here.

[Dennis K]

Here's the log after running MsnVirRem. I'm not sure what "ECHO is off" refers to; hopefully it switches off after completing the scan instead of not recording during the scan. Thanks for walking me through the steps. This is very enlightening in spite of being frustrating. Dennis Log of MsnVirRem by Skate_Punk_21 Wed 05/03/2006 08:35 PM Setting Allowances for Registry Tools... Editing Registry... Rewriting Host File... Finding/Killing local link... ---Infection Files Removed--- ECHO is off.

[little eagle]

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Startup will be slow when you log in as you are cleanning out prefetch.

[Dennis K]

Thanks for the last tool. I had been trying to do all that stuff manually and was sure I was missing things (we have five users on the computer).

I am now able to successfully launch the browsers consitently, Adaware now updates and runs, and my anti-virus program stays working (following a reinstall). So this is good.

I'm including the latest HJT log. It would sure be great if you could take a look at it again and give me your opinion.

Hopefully, I won't just keep getting infected since I don't know where the problem came from in the first place. I have Ewido and ZoneAlarm running in the tray now. Also, the other users on the computer have limited accounts instead of admin accounts.

Are there any other settings that I need to change or change back?

Thank you.

Dennis

Logfile of HijackThis v1.99.1
Scan saved at 12:21:29 PM, on 5/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\u863wc3i.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\u863wc3i.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://crystal.loui...tiveXViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

DK

[little eagle]

And can you post a log from ever user on the computer. Clearly indicate which log belongs to which user, the type of rights the account has (Admin or limited), and for clarity post each log into a new post.

[Dennis K]

Thanks.

This is the HJT log for user 1, Limited rights.

Logfile of HijackThis v1.99.1
Scan saved at 10:50:51 AM, on 5/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://crystal.loui...tiveXViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


--
Dennis