WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

mp62

Started by mp62 , Jun 18 2006 03:14 PM

This topic is locked

27 replies to this topic

#1 mp62

Authentic Member

Authentic Member
21 posts

Posted 18 June 2006 - 03:14 PM

Hello,

I've received reports from Avast of the following viruses.

Win32:Zlob-BN
Win32:Small-ADK

I've received countless warnings from Avast, the latest being the following:

6/18/2006 4:17:33 PM SYSTEM 1572 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\hp100.tmp" file.
6/18/2006 4:24:24 PM SYSTEM 1572 Sign of "Win32:Zlob-BN [Trj]" has been found in "C:\WINDOWS\system32\1024\ld3371.tmp\[Upack]" file.
6/18/2006 4:25:35 PM SYSTEM 1572 Sign of "Win32:Small-ADK [Trj]" has been found in "C:\DOCUME~1\Mike\LOCALS~1\Temp\h91746.exe" file.

Then ran Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 5:12:30 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\TEMP\h91746.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [2147e0e3.exe] C:\WINDOWS\system32\2147e0e3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [2147e0e3.exe] C:\Documents and Settings\Mike\Local Settings\Application Data\2147e0e3.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: palstart.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {13A1F2A9-14FB-0770-22B6-474675403D0A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.palt...ebclientctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp...iles/phasex.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

Any help would be appreciated to remove these viruses.

Thanks,
Mike

Advertisements

Register to Remove

#2 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 19 June 2006 - 04:50 AM

Hello mp62 and Welcome to TomCoyote,

Please do the following:

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

______________________________

Please download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/

Install Ewido anti-malware.
When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will prompt you to update. Click the Ok button.
The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

On the left-hand side of the main screen click the Update Button.
Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Posted Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post (reply) with the rapport.txt

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 mp62

Authentic Member

Authentic Member
21 posts

Posted 19 June 2006 - 03:57 PM

Thank you for your help Susan, Here is the report. SmitFraudFix v2.62 Scan done at 17:53:40.48, Mon 06/19/2006 Run from C:\Documents and Settings\Mike\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\.protected FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\atmclk.exe FOUND ! C:\WINDOWS\system32\dcomcfg.exe FOUND ! C:\WINDOWS\system32\hp???.tmp FOUND ! C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\regperf.exe FOUND ! C:\WINDOWS\system32\simpole.tlb FOUND ! C:\WINDOWS\system32\stdole3.tlb FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\1024\ FOUND ! Thanks, Mike

#4 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 19 June 2006 - 04:09 PM

Please do the following:

Clean

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

Posted Image

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.

Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.

Click on Scanner
Click on Settings
- Under How to scan all boxes should be checked
- Under Unwanted Software all boxes should be checked
- Under What to scan select Scan every file
- Click on Ok
Click on Complete System Scan to start the scan process.
Let the program scan the machine.

If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.

Click Save Report button
Save the report to your Desktop

Close Ewido and Reboot in Normal Mode.

Please post:

c:\rapport.txt
Ewido log
A new HijackThis log

Your may need several replies to post the requested logs, otherwise they might get cut off.

#5 mp62

Authentic Member

Authentic Member
21 posts

Posted 19 June 2006 - 07:10 PM

OK - here it is. SmitFraudFix v2.62 Scan done at 19:13:48.64, Mon 06/19/2006 Run from C:\Documents and Settings\Mike\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{05a91164-3c96-47d6-aa74-2c855791b2d0}"="incaged" [HKEY_CLASSES_ROOT\CLSID\{05a91164-3c96-47d6-aa74-2c855791b2d0}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\CLSID\{05a91164-3c96-47d6-aa74-2c855791b2d0}\InProcServer32] »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\.protected Deleted C:\WINDOWS\system32\atmclk.exe Deleted C:\WINDOWS\system32\dcomcfg.exe Deleted C:\WINDOWS\system32\hp???.tmp Deleted C:\WINDOWS\system32\ld????.tmp Deleted C:\WINDOWS\system32\ot.ico Deleted C:\WINDOWS\system32\regperf.exe Deleted C:\WINDOWS\system32\simpole.tlb Deleted C:\WINDOWS\system32\stdole3.tlb Deleted C:\WINDOWS\system32\ts.ico Deleted C:\WINDOWS\system32\1024\ Deleted C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted C:\DOCUME~1\Mike\FAVORI~1\Antivirus Test Online.url Deleted C:\DOCUME~1\Mike\STARTM~1\Programs\Startup\.protected Deleted C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected Deleted C:\Program Files\Security Toolbar\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 8:45:06 PM, 6/19/2006 + Report-Checksum: EE0C64CB + Scan result: :mozilla.13:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.23:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.24:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.25:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.26:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.27:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.30:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.31:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.32:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.33:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.34:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.35:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.36:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.37:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.38:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.39:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.40:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.41:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.42:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.43:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.44:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.45:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.46:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.47:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.48:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.49:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.50:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.51:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.52:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.53:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.54:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.55:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.56:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.57:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.58:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.59:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.60:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.61:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.62:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.63:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.64:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.65:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.66:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.67:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.68:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.69:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.70:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.71:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.72:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.73:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.74:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.75:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.76:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.77:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.78:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.79:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.80:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.81:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.82:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.83:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.94:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.97:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.98:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.99:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.100:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.101:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.111:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.112:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.128:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.129:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.141:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.142:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.143:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.144:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.148:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.151:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.152:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.162:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.163:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.164:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.165:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.166:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.167:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.168:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.169:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.170:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.171:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.172:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.173:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.174:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.175:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.176:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.177:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.178:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.179:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.180:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.181:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.182:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.183:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.184:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup :mozilla.185:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.205:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup :mozilla.206:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup :mozilla.224:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.226:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.230:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.231:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.232:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.233:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.234:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.235:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.248:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.249:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.251:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.252:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.253:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.255:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup :mozilla.259:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.260:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.261:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.262:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.265:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.266:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.267:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.269:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.270:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.271:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.278:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.279:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.280:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.281:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.306:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.318:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.319:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.342:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.343:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.344:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.345:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.346:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.347:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.348:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup :mozilla.349:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup :mozilla.355:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.356:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup :mozilla.369:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.370:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.371:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.388:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.401:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup :mozilla.407:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.408:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.409:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.410:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.411:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.412:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.413:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.414:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.415:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.416:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.422:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.423:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.424:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.425:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.426:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.427:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.428:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.429:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.430:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.431:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.432:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.433:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.434:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.435:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.436:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.437:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.438:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.439:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.476:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.477:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.480:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.481:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.482:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.483:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.484:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.485:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.493:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup :mozilla.530:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.531:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.532:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.533:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.534:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.535:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.536:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.544:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.545:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.546:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.550:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.566:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.567:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.568:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.569:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.570:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.571:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.572:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.573:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.586:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.600:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.601:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.604:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.605:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.617:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.618:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.619:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.630:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.631:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup :mozilla.650:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.652:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.654:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.656:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.668:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup :mozilla.673:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.677:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.678:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.704:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup :mozilla.772:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.773:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.775:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.776:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.778:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.779:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.780:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup :mozilla.781:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.782:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.785:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup :mozilla.794:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.834:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.838:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.857:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.866:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.867:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.868:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.869:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.870:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.877:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq160.tmp -> TrackingCookie.2o7 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq165.tmp -> TrackingCookie.Advertising : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq166.tmp -> TrackingCookie.Falkag : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq167.tmp -> TrackingCookie.Atdmt : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq169.tmp -> TrackingCookie.Bfast : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16A.tmp -> TrackingCookie.Bluestreak : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16C.tmp -> TrackingCookie.Serving-sys : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16D.tmp -> TrackingCookie.Burstnet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16E.tmp -> TrackingCookie.Casalemedia : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16F.tmp -> TrackingCookie.Centrport : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq170.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq172.tmp -> TrackingCookie.Com : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq173.tmp -> TrackingCookie.Commission-junction : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq174.tmp -> TrackingCookie.Coremetrics : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq175.tmp -> TrackingCookie.Doubleclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq176.tmp -> TrackingCookie.Ru4 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq177.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq178.tmp -> TrackingCookie.Falkag : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq179.tmp -> TrackingCookie.Fastclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17A6.tmp -> TrackingCookie.247realmedia : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17A7.tmp -> TrackingCookie.Falkag : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17AB.tmp -> TrackingCookie.Sexlist : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17AC.tmp -> TrackingCookie.Targetnet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17AD.tmp -> TrackingCookie.Valueclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17B.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17C.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17D.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17E.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17F.tmp -> TrackingCookie.Hotlog : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq183.tmp -> TrackingCookie.Mediaplex : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq184.tmp -> TrackingCookie.Paycounter : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq186.tmp -> TrackingCookie.Qksrv : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq187.tmp -> TrackingCookie.Questionmarket : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq189.tmp -> TrackingCookie.Revenue : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18A.tmp -> TrackingCookie.Advertising : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18B.tmp -> TrackingCookie.Serving-sys : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18C.tmp -> TrackingCookie.Sexlist : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18D.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18E.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18F.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq190.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq191.tmp -> TrackingCookie.Statcounter : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq192.tmp -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq193.tmp -> TrackingCookie.Trafficmp : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq195.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq197.tmp -> TrackingCookie.Valueclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq198.tmp -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19A.tmp -> TrackingCookie.Xxxcounter : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19B.tmp -> TrackingCookie.Adserver : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19C.tmp -> TrackingCookie.Zedo : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A6A.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A6C.tmp -> TrackingCookie.Revenue : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A6D.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A6E.tmp -> TrackingCookie.Zedo : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq204.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq205.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq206.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq319.tmp -> TrackingCookie.Pro-market : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Com : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq367.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq368.tmp -> TrackingCookie.Onestat : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> TrackingCookie.Doubleclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3BC.tmp -> TrackingCookie.Bluestreak : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp -> TrackingCookie.Linksynergy : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp -> TrackingCookie.Sextracker : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> TrackingCookie.Adserver : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> TrackingCookie.Casalemedia : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42C.tmp -> TrackingCookie.Coremetrics : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42D.tmp -> TrackingCookie.Ru4 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42E.tmp -> TrackingCookie.Falkag : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42F.tmp -> TrackingCookie.Hitbox : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq430.tmp -> TrackingCookie.Linksynergy : Cleaned with backup C:\Program Files\

#6 mp62

Authentic Member

Authentic Member
21 posts

Posted 19 June 2006 - 07:16 PM

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> TrackingCookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42C.tmp -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42D.tmp -> TrackingCookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42E.tmp -> TrackingCookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42F.tmp -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq430.tmp -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq431.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq432.tmp -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp -> TrackingCookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq716.tmp -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq717.tmp -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp -> TrackingCookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD42.tmp -> TrackingCookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD43.tmp -> TrackingCookie.Counted : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD46.tmp -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD48.tmp -> TrackingCookie.Paycounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD4A.tmp -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD4B.tmp -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD4D.tmp -> TrackingCookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD4E.tmp -> TrackingCookie.Targetnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD50.tmp -> TrackingCookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD51.tmp -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD0FE.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD1.tmp -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD2.tmp -> TrackingCookie.Hitslink : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 8:52:09 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\2147e0e3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [2147e0e3.exe] C:\WINDOWS\system32\2147e0e3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [2147e0e3.exe] C:\Documents and Settings\Mike\Local Settings\Application Data\2147e0e3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: palstart.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {13A1F2A9-14FB-0770-22B6-474675403D0A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.palt...ebclientctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp...iles/phasex.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

As I was posting this avast issued this warning:

Sign of "Win32:Small-ADK [Trj]" has been found in C:\Windows\system32\2147e0e3.exe" file.

Thanks again,
Mike

#7 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 19 June 2006 - 08:42 PM

This link will explain why I suggest removal of palstart
http://www.superadbl...ition/palstart/

This link explains about the NielsenOnline
http://castlecops.co...list-12107.html
Name NetMeter Command NielsenOnline.exe Status X Description Appears to have possible Malware functions

Disable Microsoft AntiSpyware:
We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware
Click on Tools, Settings.
In the left pane, click on Real-time Protection
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

After all of the fixes are complete it is very important that you enable Real-time Protection again. Better yet, uninstall it and replace it with Microsoft Windows Defender. Microsoft Antispyware has been updated and renamed Microsoft Windows Defender. You can download the new version from http://www.microsoft...re/default.mspx

STEP 1.
======
MyWay Removal
Open ‘Add/Remove Programs’ in the Control Panel.

Select the ‘My Search Bar’ (MySearch variant), ‘MyWay Speed Bar’ (MyWay) or ‘My Web Search Bar’ (MyWeb) entry
Click ‘Remove’.
For the MyWeb variant, be sure to also remove ‘Fun Web Products Easy Installer’
Open My Computer, Drive C, and double-click on the Program Files folder
Right-click and delete the folders for:
FunWebProducts
MyWebSearch

Please set your system to show all files; please see here if you're unsure how to do this.

Scan with HijackThis. Place a check against each of the following:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [2147e0e3.exe] C:\WINDOWS\system32\2147e0e3.exe
O4 - HKCU\..\Run: [2147e0e3.exe] C:\Documents and Settings\Mike\Local Settings\Application Data\2147e0e3.exe
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZRfox000
O16 - DPF: {13A1F2A9-14FB-0770-22B6-474675403D0A} - http://85.255.113.214/1/gdnUS2218.exe
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\system32\2147e0e3.exe<==file
Please uninstall errorkiller if the errorkiller folder still exists then delete it
C:\Program Files\errorkiller<==folder
C:\Program Files\NetRatingsNetmeter<==folder
C:\Documents and Settings\Mike\Local Settings\Application Data\2147e0e3.exe<==file
O4 - Global Startup: palstart.exe<==file (you may need to search to find it)
Exit Explorer, and reboot as normal afterwards.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Copy and paste that information from Kapersky in your next post.

Post (reply) with a fresh HijackThis log and the results from Kapersky, and we will take another look.

#8 mp62

Authentic Member

Authentic Member
21 posts

Posted 19 June 2006 - 11:31 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, June 20, 2006 1:22:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 20/06/2006
Kaspersky Anti-Virus database records: 189469
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 51117
Number of viruses found: 12
Number of infected objects: 63
Number of suspicious objects: 0
Duration of the scan process: 00:43:16

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-1715818b.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-1715818b.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.bianca-trump.dbx/[From mickyletts@yahoo.com][Date Wed, 28 Dec 2005 18:28:31 GMT]/maryteen.wmv Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.bianca-trump.dbx/[From stephan@wings.net][Date Wed, 11 Jan 2006 03:50:12 GMT]/amateur_anal.wmv Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.bianca-trump.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Paypal Security" <securitycenter@paypal.com>][Date Fri, 29 Jul 2005 23:30:59 -0800]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Paypal Security" <securitycenter@paypal.com>][Date Fri, 29 Jul 2005 23:30:59 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From "PayPal" <service@paypal.com>][Date Fri, 18 Nov 2005 22:14:30 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From "PayPal" <service@paypal.com>][Date Fri, 18 Nov 2005 22:14:30 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Billing Center. <service@paypal.com>][Date Fri, 25 Nov 2005 20:50:31 +0300]/UNNAMED/PE-901-449-020.jpg.exe Infected: Trojan-Downloader.Win32.Small.bxp skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Billing Center. <service@paypal.com>][Date Fri, 25 Nov 2005 20:50:31 +0300]/UNNAMED Infected: Trojan-Downloader.Win32.Small.bxp skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 6 skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP454\A0069014.dll Infected: not-virus:Hoax.Win32.Renos.dp skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP454\A0069024.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069126.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069133.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069135.dll Infected: Trojan-Downloader.Win32.Zlob.tj skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069143.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069149.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069157.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069165.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP456\A0069205.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP457\A0069300.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP458\A0069447.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0069578.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0070575.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0070596.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0071596.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP462\A0071627.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP462\A0071665.exe Infected: Trojan-Downloader.Win32.Zlob.tw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071690.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071705.exe Infected: Trojan-Downloader.Win32.Zlob.ht skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071706.exe Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071708.exe Infected: Trojan-Downloader.Win32.Zlob.sw skipped
C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071709.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.17\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.18\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.19\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.20\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.21\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.22\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.23\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.24\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.25\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.26\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.27\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped
C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 1:27:23 AM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.palt...ebclientctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp...iles/phasex.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

#9 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 20 June 2006 - 12:22 PM

Hello mp62,

Let's go after those infected files!

======
Delete Files with Killbox

Download Pocket Killbox from http://www.downloads...org/KillBox.zip and unzip it; save it to your Desktop. DO NOT RUN IT YET.
==========
Double-click on KillBox.exe to launch the program. It is the red circle with a large white X in it
- Highlight the files in bold RED below and press the Ctrl key and the C key at the same time to copy them to the clipboard
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.17\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.18\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.19\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.20\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.21\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.22\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.23\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.24\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.25\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.26\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.27\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\gdnUS2218.exe
C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe

In Killbox click on the File menu and then the Paste from Clipboard item
in the Full Path of File to Delete field drop down the arrow and make sure that all of the files are listed
(Please note that the tool checks your computer for the presence of the files pasted into the box so if files are not present, it is possible that you might not see all files you pasted into the box.)
Click the option to Delete on Reboot
- If not greyed out click the checkbox for Unregister .dll Before Deleting
- click End Explorer Shell while Killing File
- Now click on the red button with a white 'X' in the middle to delete the files
- Click Yes when it says all files will be deleted on the next reboot
- Click Yes when it asks if you want to reboot now
(Note: If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just reboot manually)

Note: Killbox will let you know if a file does not exist. If that happens, just continue on.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot.

========
Please follow the instructions for "How to Clean a Java Cache Folder"
http://support.f-sec...javacache.shtml
========

You need to delete the following emails. You may have to compact folders to be able to permanently delete them.

C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.bianca-trump.dbx/[From mickyletts@yahoo.com][Date Wed, 28 Dec 2005 18:28:31 GMT]/maryteen.wmv C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.bianca-trump.dbx/[From stephan@wings.net][Date Wed, 11 Jan 2006 03:50:12 GMT]/amateur_anal.wmv Infected: Trojan- C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.bianca-trump.dbx Mail MS Outlook 5:
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Paypal Security" <securitycenter@paypal.com>][Date Fri, 29 Jul 2005 23:30:59 -0800]/UNNAMED/html C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Paypal Security" <securitycenter@paypal.com>][Date Fri, 29 Jul 2005 23:30:59 -0800]/UNNAMED C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From "PayPal" <service@paypal.com>][Date Fri, 18 Nov 2005 22:14:30 -0400]/UNNAMED/html
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From "PayPal" <service@paypal.com>][Date Fri, 18 Nov 2005 22:14:30 -0400]/UNNAMED
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Billing Center. <service@paypal.com>][Date Fri, 25 Nov 2005 20:50:31 +0300]/UNNAMED/PE-901-449-020.jpg.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{0174DD50-540D-449D-9AB5-69A1CB69F9F2}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Billing Center. <service@paypal.com>][Date Fri, 25 Nov 2005 20:50:31 +0300]/UNNAMED

Please run Kapersky again and post (reply) with the results and let's see how we did.

#10 mp62

Authentic Member

Authentic Member
21 posts

Posted 21 June 2006 - 04:52 AM

------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, June 21, 2006 6:47:33 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 21/06/2006 Kaspersky Anti-Virus database records: 189682 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 50103 Number of viruses found: 8 Number of infected objects: 51 Number of suspicious objects: 0 Duration of the scan process: 05:00:42 Infected Object Name / Virus Name / Last Action C:\!KillBox\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 1) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 10) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 11) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 12) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 13) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 14) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 15) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 16) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 17) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 18) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 19) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 2) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 20) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 21) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 22) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 23) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 24) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 25) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 26) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 3) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 4) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 5) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 6) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 7) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 8) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 9) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP454\A0069014.dll Infected: not-virus:Hoax.Win32.Renos.dp skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP454\A0069024.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069126.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069133.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069135.dll Infected: Trojan-Downloader.Win32.Zlob.tj skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069143.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069149.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069157.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069165.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP456\A0069205.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP457\A0069300.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP458\A0069447.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0069578.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0070575.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0070596.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0071596.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP462\A0071627.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP462\A0071665.exe Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071690.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071705.exe Infected: Trojan-Downloader.Win32.Zlob.ht skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071706.exe Infected: Trojan-Downloader.Win32.Zlob.ub skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071708.exe Infected: Trojan-Downloader.Win32.Zlob.sw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071709.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped Scan process completed.

Advertisements

Register to Remove

#11 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 21 June 2006 - 06:55 AM

STEP 1.
======
Delete Files with Killbox

Double-click on KillBox.exe to launch the program. It is the red circle with a large white X in it
- Highlight the files in bold RED below and press the Ctrl key and the C key at the same time to copy them to the clipboard
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe

In Killbox click on the File menu and then the Paste from Clipboard item
in the Full Path of File to Delete field drop down the arrow and make sure that all of the files are listed
(Please note that the tool checks your computer for the presence of the files pasted into the box so if files are not present, it is possible that you might not see all files you pasted into the box.)
Click the option to Delete on Reboot
- If not greyed out click the checkbox for Unregister .dll Before Deleting
- click End Explorer Shell while Killing File
- Now click on the red button with a white 'X' in the middle to delete the files
- Click Yes when it says all files will be deleted on the next reboot
- Click Yes when it asks if you want to reboot now
(Note: If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just reboot manually)

Note: Killbox will let you know if a file does not exist. If that happens, just continue on.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click Yes

Now go ahead and delete the folder
C:\!KillBox\<==folder

Empty the recycle bin.
Reboot

Run Kapersky again and post(reply) with the results.

#12 mp62

Authentic Member

Authentic Member
21 posts

Posted 21 June 2006 - 07:07 PM

------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, June 21, 2006 9:01:48 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 22/06/2006 Kaspersky Anti-Virus database records: 189837 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 51443 Number of viruses found: 6 Number of infected objects: 49 Number of suspicious objects: 0 Duration of the scan process: 00:55:57 Infected Object Name / Virus Name / Last Action C:\!KillBox\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 1) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 10) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 11) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 12) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 13) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 14) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 15) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 16) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 17) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 18) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 19) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 2) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 20) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 21) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 22) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 23) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 24) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 25) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 26) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 3) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 4) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 5) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 6) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 7) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 8) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\!KillBox\gdnUS2218.exe( 9) Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP454\A0069024.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069126.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069133.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069135.dll Infected: Trojan-Downloader.Win32.Zlob.tj skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069143.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069149.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069157.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069165.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP456\A0069205.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP457\A0069300.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP458\A0069447.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0069578.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0070575.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0070596.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0071596.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP462\A0071627.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP462\A0071665.exe Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071690.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071706.exe Infected: Trojan-Downloader.Win32.Zlob.ub skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071708.exe Infected: Trojan-Downloader.Win32.Zlob.sw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071709.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped Scan process completed. Should system restore be turned off? Just wondering....... Thanks, Mike

#13 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 21 June 2006 - 07:18 PM

Should system restore be turned off? Just wondering.......

We clean a system and then clear the restore points as a last thing because if problem occurs during cleaning, having an infected restore point is better than no restore point.

Did you delete the !Killbox folder and get rid of those files? If so then post one more hijackthis log and if everything looks fine, I will give you final instructions.

#14 mp62

Authentic Member

Authentic Member
21 posts

Posted 22 June 2006 - 05:21 AM

OK - Killbox is gone. Not sure how to clean this up though: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, June 21, 2006 11:06:25 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 22/06/2006 Kaspersky Anti-Virus database records: 189843 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 51973 Number of viruses found: 6 Number of infected objects: 23 Number of suspicious objects: 0 Duration of the scan process: 01:00:17 Infected Object Name / Virus Name / Last Action C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP454\A0069024.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069126.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069133.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069135.dll Infected: Trojan-Downloader.Win32.Zlob.tj skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069143.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069149.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069157.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP455\A0069165.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP456\A0069205.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP457\A0069300.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP458\A0069447.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0069578.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0070575.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0070596.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP461\A0071596.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP462\A0071627.tlb Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP462\A0071665.exe Infected: Trojan-Downloader.Win32.Zlob.tw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071690.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071706.exe Infected: Trojan-Downloader.Win32.Zlob.ub skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071708.exe Infected: Trojan-Downloader.Win32.Zlob.sw skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP463\A0071709.tlb Infected: Trojan-Downloader.Win32.Zlob.ub skipped C:\System Volume Information\_restore{D540E2B1-AB5B-44A8-9C5E-48F5D68C2DB8}\RP465\A0071981.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe Infected: Trojan-Downloader.Win32.Small.cxq skipped Scan process completed. If I try to access this folder I get C:\System Volume Information is not accessible. Access is denied

#15 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 22 June 2006 - 06:30 AM

There is that one file still present. :rant2:

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe

Please download The Avenger by Swandog46 to the Desktop.
Click on Avenger.zip to open the file
Then, extract avenger.exe to the Desktop

Next, copy all the blue text below to the Clipboard by highlighting it and pressing Ctrl+C:

Files to delete:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe

Start The Avenger program by clicking its icon on the Desktop.
Under: Script file to execute, select: Input Script Manually
Now click on the Magnifying Glass icon
It opens a new window titled: View/edit script
Paste the text copied to clipboard into this window by pressing Ctrl+V.
Click Done

Next, click on the Green Light to begin the execution of the script
Answer Yes twice when prompted.

The Avenger automatically does following:
Restarts the computer.
On reboot, briefly opens a black command window on the Desktop. This is normal.

After the restart, it creates a log that opens with the results of Avenger’s actions.
This log is located at C:\avenger.txt

Please provide C:\avenger.txt in your reply. Then run Kapersky again and let's make sure it does not show up there except in the Avenger folder.

Edited by Susan528, 22 June 2006 - 06:31 AM.

Body Background

skin color theme