Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Virus Alert Icon in system Tray

Started by DEG , Apr 25 2006 12:22 PM

  • This topic is locked This topic is locked
5 replies to this topic

#1 DEG

DEG

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 25 April 2006 - 12:22 PM

Windows XP home system. I have been infected with the Virus Alert icon that shows up in the System Tray.
I have run Ad Aware SE, Spybot Search and destroy and the licensed version of Spyware Doctor. They find no infections - I have deleted everything they found.

This only affects one userid, mine. I have three others on the system that are OK. I also found that even if I start in Safe Mode and logon with my id that the task runs. I have run Hijack this and here is the log. (By the way, the ISSI EZUpdate Service is OK, it belongs to the IBM intranet tools that I have on this machine as an IBM employee.)

Dale.

Logfile of HijackThis v1.99.1
Scan saved at 11:33:26 AM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\lotus\organize\easyclip.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\lotus\smartctr\suitest.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Home Director\MONITOR.EXE
C:\MClipbrd\MClipboard.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.ca"); (C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_Canada.src"); (C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\prefs.js)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [w32msgr] C:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt ospdb.pok.ibm.com
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: IBM Home Director Monitor.lnk = C:\Program Files\Home Director\MONITOR.EXE
O4 - Startup: MClipboard.lnk = C:\MClipbrd\MClipboard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - https://intuitcanada...ects/emagic.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.179.218.2...sCamControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Advertisements

Register to Remove

#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 May 2006 - 05:58 AM

Hello DEG,

Welcome to the Tom Coyote forum, sorry for the delay but we have more logs than people to look at them.

I am not seeing anything earth shattering on your log, not to say that something could be hidden and not showing up.

Lets do this....

Download and install Ewido Anti-Malware
Ewido Anti-Malware
* When installing, under Additional Options uncheck
* Install background guard and
* Install scan via context menu
* Launch Ewido, there should be an icon on your desktop for it to double-click.
o Click on update
o You should see Update Complete when done.
o Now close out the program <-- Dont run it yet





Now reboot into Safemode
* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD



Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o Select Perform action on all infections
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.



While in Safemode, open HJT Scan Only, close all open windows except HJT, check these items and click on Fix Checked

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot



Reboot normally and lets run a system cleaner to clean out all your temp files and such


Download and Install CCleaner
* Click on Run Cleaner
Tutorial for CCleaner



Post back with the Ewido Report and a new HJT log please.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 DEG

DEG

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 03 May 2006 - 12:05 PM

Hello Ken, thanks for the reply. I now have clean system!

A couple of things to explain. I have not run Ccleaner yet but I will soon. Also, one of the items that you asked me to remove in the HJT list did not show up when I ran HJT from the Administrator id in Safe Mode. Perhaps if I run using my id in Safe mode it will. I'll give it a try later too. This item is

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>

Thaks again for your help - a donation will be forthcoming. Dale Gloer


Here's my EWIDO log.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:40:12 AM, 5/3/2006
+ Report-Checksum: 359C86E4

+ Scan result:

:mozilla.8:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dale\Cookies\dale@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Dale\Cookies\dale@e-2dj6wfkyqkajcbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dale\Cookies\dale@e-2dj6wjkychazafp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dale\Cookies\dale@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Dale\Cookies\dale@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Lana\Application Data\Mozilla\Profiles\default\lj9tjoqd.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Lana\Application Data\Mozilla\Profiles\default\lj9tjoqd.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Lana\Application Data\Mozilla\Profiles\default\lj9tjoqd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Lana\Application Data\Mozilla\Profiles\default\lj9tjoqd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Lana\Application Data\Mozilla\Profiles\default\lj9tjoqd.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Lana\Application Data\Mozilla\Profiles\default\lj9tjoqd.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Lana\Application Data\Mozilla\Profiles\default\lj9tjoqd.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Lana\Application Data\Mozilla\Profiles\default\lj9tjoqd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Lana\Application Data\Mozilla\Profiles\default\lj9tjoqd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@-1shz2prbmdj6wvny-1sez2pra2dj6wjmikkdzsgoa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiwndpghoa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyqkajcbogwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4amd5mfpgwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4emdjecqqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4khdzghqqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoaodjkgqqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkowjajcbow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysjajohpw6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyugdpobpaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4uocpcgowydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlokoazehowydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyoiczwepaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyciczwepgidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygidjskqqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lana\Cookies\lana@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyohdjglqqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Marilyn\Application Data\Mozilla\Profiles\default\2y32z5m3.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
-> : Error during cleaning
:mozilla.87:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Ryan\Application Data\Mozilla\Profiles\default\q3xsduzq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Visitors\Application Data\Mozilla\Profiles\default\jgrt8r4z.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Visitors\Cookies\visitors@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Visitors\Cookies\visitors@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Visitors\Cookies\visitors@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Visitors\Cookies\visitors@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Visitors\Cookies\visitors@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Visitors\Cookies\visitors@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Visitors\Cookies\visitors@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Visitors\Local Settings\Temp\Cookies\visitors@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\system32\interf.tlb -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\sivudro.dll -> Not-A-Virus.Hoax.Win32.Renos.cs : Cleaned with backup


::Report End

and my Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 11:50:51 AM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Home Director\MONITOR.EXE
C:\MClipbrd\MClipboard.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.ca"); (C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_Canada.src"); (C:\Documents and Settings\Dale\Application Data\Mozilla\Profiles\default\uwtqpcx6.slt\prefs.js)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [w32msgr] C:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt ospdb.pok.ibm.com
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: IBM Home Director Monitor.lnk = C:\Program Files\Home Director\MONITOR.EXE
O4 - Startup: MClipboard.lnk = C:\MClipbrd\MClipboard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - https://intuitcanada...ects/emagic.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.179.218.2...sCamControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 May 2006 - 01:30 PM

DEG,

Hang off on this one, it may just be more clutter than bad. I am going to look into it further.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>


The rest of your log looks good :thumbup:

I am listing some tips and tools for you to install to help keep you more secure, be sure to run CCleaner because you had a ton of cookies and most likely have a ton of temp files clogging up your system.


I will be back to you on that entry, so dont go away :D



Here are some free programs and tips for keeping your system up to date, and to help keep all the riff raff out of your system.

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your
system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

* Right-click My Computer.
* ClickProperties.
* Click the System Restore tab.
* UN-Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

* Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You can name the restore point anything you like, something that you can remember, You will have to be in Catagory View to see this


Download and Install CCleaner
* Click on Run Cleaner
Tutorial for CCleaner

Now that your clean, we need to erase all possible older infected files that may still be lurking on your system.
* Clean out your TEMP FILES
* This procedure should be run from SAFEMODE for better results.



* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD



* Go to My Computer/ C: Drive/ Documents and Settings/ Every User on this Computer Local Settings
and delete all the contents of the Temp Folder and the Temporary Internet Files Folder <--Just the contents, not the folder itself.



* Go to My Computer/ C:/ Windows/ Temp and delete all the contents of the Temp Folder <-- But not the temp folder itself.



* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder. <--But not the Prefetch folder itself.



NOW RE-BOOT NORMALLY



* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.


Now Empty your Recycle Bin




* Make sure that your ANTI-VIRUS SOFTWARE is up to date and run a full scan at least once aweek.

* Here are Free Anti-Virus Programs if you need one
AVG Free Edition
AntVir Personal Edition



* Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.


* Ad-Aware SE Personal 1.06
Check for Updates and run a Full System Scan on a regular basis.


* Spyware Blaster It will prevent most spyware from ever being installed.


* Spyware Guard It offers realtime protection from spyware installation attempts.


* Win Patrol This program will warn you when any changes are being made to your system and
give you the option to deny the change.


* IE- Spyad IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents downloads and (cookies etc) from the sites listed, although you will still be able to connect to the sites.


* Firefox Browser
It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both. When it asks you if you want it to be your default browser, say NO and take the checkmark out of the box to ask you again. After you use this for awhile, you will want to make it your default.


* Thunderbird Mail There companion mail program was highly favored in PCWorld Magazine, this has a good spam filter and is more secure than Outlook Express.


* Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.


* WINDOWS UPDATES - Enable Automatic Updates
Right click on MY COMPUTER/Click on PROPERTIES/ AUTOMATIC UPDATES and put a mark in the radio button
DOWNLOAD UPDATES FOR ME BUT LET ME CHOOSE WHEN TO INSTALL THEM.

* Go to START/ CONTROL PANEL> PERFORMANCE AND MAINTENANCE> REARRANGE ITEMS ON YOUR HARD DISK TO MAKE PROGRAMS RUN FASTER
This is the Windows Disk Defragger, run this maybe once or twice a month to keep your system running good. The first time you run it, it may take awhile.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 17 May 2006 - 08:27 PM

Log looks good, will close this thread in 48 hours.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 19 May 2006 - 10:25 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·