Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

hijack log for OHPE ver4.12_23 and other "malicious spyware"

Started by zadoo , May 23 2006 07:21 AM

  • This topic is locked This topic is locked
16 replies to this topic

#1 zadoo

zadoo

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 23 May 2006 - 07:21 AM

ever since the license for my ahnlab spyzero expired, I've been getting bombarded with pop-ups everytime I leave my computer for no more than 5 minutes... I just ran hijack this, and I was hoping if anyone could offer a solution to this problem...
also, there's like yellow alert icons that keep popping up on my startup bar that tell me to click on the alerts in order to download antispyware programs, which only lead to sites offering free spyware...

anyways...if anyone could offer some kind of solution, I'd really appreciate it!!!

thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:38:55 AM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ahnlab\V3\MonSysNT.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ahnlab\V3\V3P3AT.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
C:\PROGRA~1\Ahnlab\V3\V3IMPro.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp8387.tmp
O3 - Toolbar: ÆE¾÷Aº ¾ßEA! Aø¹U·I A÷´UCI¼¼¿a. - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - "C:\Program Files\Ahnlab\V3\V3Bar.dll" (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c..._2005_11_06.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1162
O16 - DPF: {8C8225BB-57B3-43CD-8974-01B3A7D765F4} (XBugsSign Control) - http://player.bugs.c..._2005_11_06.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MonSvcNT - AhnLab, Inc. - C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
O23 - Service: SpyZero_Monitor - AhnLab, Inc. - C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    Advertisements

Register to Remove

#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 29 May 2006 - 06:31 AM

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Posted Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Post: c:\rapport.txt When done.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#3 zadoo

zadoo

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 30 May 2006 - 01:38 PM

here's the rapport.txt

SmitFraudFix v2.51

Scan done at 15:33:06.42, 05/30/2006 Tue
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\system


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\Web


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\wfkduei.dll FOUND !
C:\WINDOWS\system32\xenadot.dll FOUND !

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\Documents and Settings\Owner\Application Data


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Start Menu


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\DOCUME~1\Owner\FAVORI~1


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Desktop


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\Program Files


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Corrupted keys


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}"="XenaDot Software"

[HKEY_CLASSES_ROOT\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}\InProcServer32]
@="C:\WINDOWS\system32\xenadot.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}\InProcServer32]
@="C:\WINDOWS\system32\xenadot.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Scanning wininet.dll infection


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 End


#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 30 May 2006 - 05:41 PM

Download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/
  • Install Ewido anti-malware.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.

Warning: running option #2 on a non infected computer will remove your Desktop background.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

Posted Image


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido and Reboot in Normal Mode.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing
Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Please post:
  • c:rapport.txt
  • Ewido log
  • A new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#5 zadoo

zadoo

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 30 May 2006 - 07:18 PM

c:rapport.txt

SmitFraudFix v2.51

Scan done at 20:38:10.01, 05/30/2006 Tue
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Killing process


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Deleting infected files


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Generic Renos Fix

GenericRenosFix by S!Ri


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Deleting Temp Files


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Registry Cleaning

Registry Cleaning done.

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 End


#6 zadoo

zadoo

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 30 May 2006 - 07:19 PM

Ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:09:37 PM, 5/30/2006
+ Report-Checksum: E3D1ACCA

+ Scan result:

HKU\S-1-5-21-3000044234-704138439-2881814580-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA} -> Trojan.Small : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\hl5mrxmf.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.468:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.471:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.655:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.691:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.719:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.749:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.750:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.764:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.766:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.779:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.780:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.781:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.782:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.783:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.784:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.785:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.798:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.799:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.800:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.802:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.807:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.813:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.818:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.819:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.824:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.828:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.829:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.830:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.831:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.832:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.843:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup
:mozilla.854:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.855:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.857:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.858:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.859:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.860:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.897:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\753lhdjn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.cm : Cleaned with backup


::Report End


#7 zadoo

zadoo

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 30 May 2006 - 07:20 PM

and a new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 9:13:07 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ahnlab\V3\MonSysNT.exe
C:\Program Files\Ahnlab\V3\V3P3AT.exe
C:\Program Files\Ahnlab\V3\V3IMPro.exe
C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszTray.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\zstatus.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O3 - Toolbar: ÆE¾÷Aº ¾ßEA! Aø¹U·I A÷´UCI¼¼¿a. - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [System Medic] C:\Program Files\PCSECOM\PCSECOM.exe -mon
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c..._2005_11_06.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1162
O16 - DPF: {8C8225BB-57B3-43CD-8974-01B3A7D765F4} (XBugsSign Control) - http://player.bugs.c..._2005_11_06.cab
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MonSvcNT - AhnLab, Inc. - C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
O23 - Service: SpyZero_Monitor - AhnLab, Inc. - C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#8 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 31 May 2006 - 04:04 AM

Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter Post the report.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#9 zadoo

zadoo

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 31 May 2006 - 05:34 AM

c:/rapport.txt

SmitFraudFix v2.51

Scan done at 7:29:41.56, 05/31/2006 Wed
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\system


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\Web


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\system32


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\Documents and Settings\Owner\Application Data


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Start Menu


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\DOCUME~1\Owner\FAVORI~1


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Desktop


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\Program Files


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Corrupted keys


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Desktop Components



뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Scanning wininet.dll infection


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 End


#10 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 31 May 2006 - 06:43 AM

Can you post another hijackthis log and leave out the quotes
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

    Advertisements

Register to Remove

#11 zadoo

zadoo

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 31 May 2006 - 06:44 AM

sure thing...my bad

Logfile of HijackThis v1.99.1
Scan saved at 8:40:38 AM, on 5/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ahnlab\V3\MonSysNT.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ahnlab\V3\V3P3AT.exe
C:\Program Files\Ahnlab\V3\V3IMPro.exe
C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszTray.exe
C:\WINDOWS\system32\zstatus.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O3 - Toolbar: ÆE¾÷Aº ¾ßEA! Aø¹U·I A÷´UCI¼¼¿a. - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [System Medic] C:\Program Files\PCSECOM\PCSECOM.exe -mon
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c..._2005_11_06.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1162
O16 - DPF: {8C8225BB-57B3-43CD-8974-01B3A7D765F4} (XBugsSign Control) - http://player.bugs.c..._2005_11_06.cab
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MonSvcNT - AhnLab, Inc. - C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
O23 - Service: SpyZero_Monitor - AhnLab, Inc. - C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#12 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 31 May 2006 - 07:10 AM

Some of these files my have hidden atributes.
Set your system to show all files; Click Here if you're unsure how to do this.
The following have randomly named file names, and as such are normally malware.
Click start then my computer and follow their process tree.
Right click on the file and go to Properties.
Then go to the Version tab to see what company name it's from.


I would like to see a copy of:C:\WINDOWS\system32\conime.exe

Click start / then my computer / local disk then follow the process tree.
Or using Windows Explorer, locate the first file you want to zip.
Right click on the file and select Send To and Compressed (zipped) Folder.
This makes a copy it does not delete it.
Please zip the file and upload it here
Or email it here
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#13 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 31 May 2006 - 07:37 AM

Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.


O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1162
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)

Rescan with HJT and post a new log here.
Also please describe how your computer behaves at the moment
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#14 zadoo

zadoo

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 31 May 2006 - 07:50 AM

okay here's the hijackthis report...

Logfile of HijackThis v1.99.1
Scan saved at 9:43:53 AM, on 5/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ahnlab\V3\MonSysNT.exe
C:\Program Files\Ahnlab\V3\V3P3AT.exe
C:\Program Files\Ahnlab\V3\V3IMPro.exe
C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszTray.exe
C:\WINDOWS\system32\zstatus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O3 - Toolbar: ÆE¾÷Aº ¾ßEA! Aø¹U·I A÷´UCI¼¼¿a. - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [System Medic] C:\Program Files\PCSECOM\PCSECOM.exe -mon
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c..._2005_11_06.cab
O16 - DPF: {8C8225BB-57B3-43CD-8974-01B3A7D765F4} (XBugsSign Control) - http://player.bugs.c..._2005_11_06.cab
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MonSvcNT - AhnLab, Inc. - C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
O23 - Service: SpyZero_Monitor - AhnLab, Inc. - C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe


right now all the "virus detected" icons that were on the task bar are gone, and I haven't seen any pop ups since the other day...

#15 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 31 May 2006 - 08:44 AM

Log looks clean. :thumbup:

Spybot S&D lets you kill the 04's, the startups. Start Spybot click mode at the top left,
make sure that advanced mode is checked. Then click on tools on the lower left.
Then system startup, to the right is a double arrow bar click it to expand.
Now clicking on a value you will get a description of the command line. Removing the green
check mark will stop the startup, should you decide that you need or want it back just
replace the check mark. Restarting your PC will complete the change.
Remove the check marks from the ones listed below.

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·