
Slow Computer...and Fff.exe Virus?



#1 mysmartmouth

Posted 28 July 2007 - 02:48 PM

I've noticed that my computer has been running much slower than usual, so I did a ZoneAlarm Pro virus scan, and I noticed a file that couldn't be cleaned called fff.exe, located in C:\Documents and Settings\Sean\Local Settings\Temp.

It seemed fishy, so I looked it up on the internet, I came up with this. I have had a few of the same symptoms, most notably the occasional inability to type in online web forms such as this one, and this seems like a pretty potent threat.

So I need to somehow fix this problem...I have not deleted the file yet, should I?

Also, I have a suspicion that my computer has more malware/viruses than ZoneAlarm is showing me. So I attached my HijackThis log, and hopefully someone can tell me what I need to do to clean up my computer, and prevent future problems (I have a feeling ZAP isn't the best protection out there.)

Attached is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 3:47:36 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AKProg\AKProg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Sean\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sean\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Sean\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: =>Inglés - http:\\wordreference.com\es\en\j\iespen109.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\Harrisdirect\FlowHook.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NNSvc - Unknown owner - C:\Program Files\Net Nanny\nnsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 SifuMike

Posted 08 August 2007 - 02:35 PM

Hello mysmartmouth,


I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these.
You may choose which one you leave.
ZoneAlarm Pro antivirus or AVAST antivirus

*******************************************



Download CCleaner and install it. (default location is best). Do not download the Beta version 2.0. Do not run it yet!

CCleaner Tutorial

*******************************************

Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Sean\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\Harrisdirect\FlowHook.dll (file missing)
O23 - Service: NNSvc - Unknown owner - C:\Program Files\Net Nanny\nnsvc.exe (file missing)


This is an optional fix. The following is not necessarily spyware/malware, but I suggest you place a check mark next to the following entry, as this program may be taking up system resources.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Reboot your computer.

Warning: The Kaspersky Online Scanner may not run successfully while any other Anti-Virus software is running. If you have Anti-Virus software installed, please temporarily disable your AntiVirus protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
* If you're downloading torrents in the background, please disconnect all of them.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Please perform this online scan:

Kaspersky Webscan

This scan requires Internet Explorer to run.
Read the Requirements and Privacy statement, then select "Accept"

A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:Scan Archives
Scan Mail Bases


It does not provide an option to clean/disinfect.
When the scan is complete choose to save the results as "Save as Text"


Post a new Hijackthis log, the Kaspersky scan results and tell me how your computer is running.

Edited by SifuMike, 08 August 2007 - 02:41 PM.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
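A triage sketch for two of the patterns visible in the fix list in post #2: entries HijackThis marks "(no file)" or "(file missing)", and programs that start or run from a Temp directory. This is an added example, not part of the thread and not HijackThis code; the `triage` function, its reason labels and the heuristics are assumptions, and the sample log is constructed from lines of the first log posted above.

```python
import re

# Constructed sample: header, two running processes and a handful of entries
# taken from the first HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Sean\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Sean\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\Harrisdirect\FlowHook.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NNSvc - Unknown owner - C:\Program Files\Net Nanny\nnsvc.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker HijackThis appends when the referenced file was not found.
ORPHAN = re.compile(r"\((?:no file|file missing)\)(?: \(HKCU\))?$")
# Any path component named Temp, or the %TEMP% variable.
TEMP_DIR = re.compile(r"\\temp\\|%temp%", re.IGNORECASE)
# Sections that launch programs automatically: Run keys/startup (O4), services (O23).
AUTOSTART_SECTIONS = {"O4", "O23"}


def triage(log_text):
    """Return (section, reason, text) tuples for log lines worth a closer look.

    Reasons (labels invented for this example):
      runs-from-temp       running process whose image lives under a Temp directory
      autostart-from-temp  O4/O23 entry that launches something from a Temp directory
      orphan               entry whose target file is reported absent
      orphan-unverified    same, but the target contains a stray quote, so the
                           "file missing" verdict was probably computed on a
                           mis-split command line (assumption) and needs a
                           manual check before anything is fixed
    """
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:  # a blank line ends the process list
            in_processes = False
            continue
        match = ENTRY.match(line)
        if match is None:
            if in_processes and TEMP_DIR.search(line):
                findings.append(("process", "runs-from-temp", line))
            continue
        in_processes = False
        section, body = match["section"], match["body"]
        if section in AUTOSTART_SECTIONS and TEMP_DIR.search(body):
            findings.append((section, "autostart-from-temp", body))
        if ORPHAN.search(body):
            target = body.rsplit(" - ", 1)[-1]
            unbalanced = '"' in target and not target.startswith('"')
            reason = "orphan-unverified" if unbalanced else "orphan"
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, text in triage(SAMPLE_LOG):
        print(f"{section:8} {reason:20} {text}")
```

A flag from this script is a prompt to review the entry, not a verdict that it is malicious or safe to remove.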

#3 mysmartmouth

Posted 09 August 2007 - 09:39 PM

I believe I am infected with something called Ardamax keylogger that my friend sent me. I need help deleting it. Anyways, the Kaspersky scanner would not scan all the way for me, but I have partial results from it:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 09, 2007 10:35:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 10/08/2007
Kaspersky Anti-Virus database records: 377821
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 47936
Number of viruses found: 4
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:35:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E8943E4.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.g skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\Devin\Local Settings\Temporary Internet Files\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_134.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sajiv\Local Settings\Temporary Internet Files\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\Sangeeta\Local Settings\Temporary Internet Files\AntiPhishing\CAE33426-F44F-405C-9719-08FC9932048E.dat Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cert8.db Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\history.dat Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\key3.db Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\parent.lock Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Sean\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sean\Desktop\file11354632.exe Infected: Trojan-Spy.Win32.Ardamax.e skipped
C:\Documents and Settings\Sean\Desktop\Folders\ca_setup.exe/WISE0017.BIN Infected: not-a-virus:PSWTool.Win32.Cain.288 skipped
C:\Documents and Settings\Sean\Desktop\Folders\ca_setup.exe/WISE0023.BIN Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
C:\Documents and Settings\Sean\Desktop\Folders\ca_setup.exe/WISE0025.BIN Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
C:\Documents and Settings\Sean\Desktop\Folders\ca_setup.exe WiseSFX: infected - 3 skipped








Here is the new HijackThis log file.






Logfile of HijackThis v1.99.1
Scan saved at 10:39:06 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AKProg\AKProg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sean\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 202.108.12.194:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: =>Inglés - http:\\wordreference.com\es\en\j\iespen109.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

So how do I get rid of this Ardamax keylogger now? My friend can see everything I type!

Edited by mysmartmouth, 09 August 2007 - 09:40 PM.


#4 SifuMike

    malware expert

Posted 10 August 2007 - 01:19 PM

Hello mysmartmouth,

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Sean\Desktop\file11354632.exe
    C:\Documents and Settings\Sean\Desktop\Folders\ca_setup.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

***********************

"I believe I am infected with something called Ardamax keylogger that my friend sent me. So how do I get rid of this Ardamax keylogger now? My friend can see everything I type!"



This is the first time you mentioned a keylogger.
If you have Ardamax Keylogger on your computer, then it runs in hidden mode, preventing users from knowing it is active. It will NOT show under Uninstall list, the Task list, or the Application menu!

So why do you think you have it on this computer?

If it is there, AVG antispyware will find it, as will Spybot 1.4.

Download, update and run Spybot 1.4
Spybot Tutorial



Download and install AVG Anti-Spyware v7.5.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop.
    A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.

When done, submit the OTMoveIt log, the AVG Anti-Spyware 7.5 log and a fresh Hijackthis log.

Edited by SifuMike, 10 August 2007 - 01:30 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 mysmartmouth
  • Topic Starter

Posted 10 August 2007 - 02:31 PM

Here is the OTMoveIt log:

C:\Documents and Settings\Sean\Desktop\file11354632.exe moved successfully.
C:\Documents and Settings\Sean\Desktop\Folders\ca_setup.exe moved successfully.

Created on 08/10/2007 15:30:04

I will post the AVG & HJT logs after I complete those steps, but I wanted to post that so I didn't lose it.

#6 SifuMike


Posted 10 August 2007 - 05:41 PM

OK. Post the AVG Antispyware log and HJT log when complete.

#7 mysmartmouth


Posted 10 August 2007 - 08:15 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:15:49 PM 8/10/2007

+ Scan result:



C:\WINDOWS\system32\dbxDgrevCheck.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\system32\b4fm.dll -> Adware.BurnFree : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\Weather.exe -> Adware.WeatherBug : Cleaned with backup (quarantined).
C:\Program Files\HTV\HTV.004 -> Dropper.Agent.bit : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\Documents and Settings\Sean\Desktop\file11354632.exe -> Dropper.Agent.bit : Cleaned with backup (quarantined).
C:\Program Files\AKProg\AKProg.exe -> Not-A-Virus.Monitor.Win32.ActualSpy.2301 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1035\A0161820.exe -> Not-A-Virus.Monitor.Win32.ActualSpy.2301 : Cleaned with backup (quarantined).
C:\Program Files\AKProg\hprog.dll -> Not-A-Virus.Monitor.Win32.ActualSpy.252 : Cleaned with backup (quarantined).
C:\Program Files\AKProg\hkdll.dll -> Not-A-Virus.Monitor.Win32.ActualSpy.27 : Cleaned with backup (quarantined).
C:\Program Files\HTV\HTV.007 -> Not-A-Virus.Monitor.Win32.Ardamax.271 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\28463\MMJA.007 -> Not-A-Virus.Monitor.Win32.Ardamax.271 : Cleaned with backup (quarantined).
C:\Program Files\HTV\HTV.003 -> Not-A-Virus.Monitor.Win32.Ardamax.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Sean\Desktop\lcp504en.exe/samdump.dll1 -> Not-A-Virus.PSWTool.Win32.PWDump.2 : Cleaned with backup (quarantined).
C:\Program Files\LCP\Data\pwdump2-orig\samdump.dll -> Not-A-Virus.PSWTool.Win32.PWDump.2 : Cleaned with backup (quarantined).
C:\Documents and Settings\Sean\Desktop\lcp504en.exe/pwservice.exe -> Not-A-Virus.PSWTool.Win32.PWDump3 : Cleaned with backup (quarantined).
C:\Documents and Settings\Sean\Desktop\lcp504en.exe/pwservice.exe3 -> Not-A-Virus.PSWTool.Win32.PWDump3 : Cleaned with backup (quarantined).
C:\Program Files\LCP\Data\pwdump3\pwservice.exe -> Not-A-Virus.PSWTool.Win32.PWDump3 : Cleaned with backup (quarantined).
C:\Program Files\LCP\Data\pwdump3e\pwservice.exe -> Not-A-Virus.PSWTool.Win32.PWDump3 : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.113:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.124:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.125:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@harpo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@kaboose.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sangeeta\Local Settings\Temp\Cookies\sangeeta@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@efashionsolutions.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@leeenterprises.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@newsinteractive.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@pluck.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@powellsbooks.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@stpetersburgtimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.97:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.30:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Sangeeta\Local Settings\Temp\Cookies\sangeeta@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.15:C:\Documents and Settings\Sean\Application Data\Pioneers of the Inevitable\Songbird\Profiles\u7cxj1jh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.17:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.42:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sangeeta\Local Settings\Temp\Cookies\sangeeta@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.130:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.63:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.693:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.102:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.73:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.146:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.147:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.35:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.37:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.38:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.141:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.142:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.143:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.41:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.45:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.569:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.80:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.155:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.58:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.68:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.21:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sangeeta\Local Settings\Temp\Cookies\sangeeta@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.148:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.149:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.18:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@e-2dj6wfkiwkdjggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@e-2dj6wfkyakazidq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@e-2dj6wfmiugc5shp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@e-2dj6wgmiclczwlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@e-2dj6wfkiogcpckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@e-2dj6wjl4ukajeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@e-2dj6wjlyekczaep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@e-2dj6wfk4knd5cao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@e-2dj6wjny-1gdpaa.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@e-2dj6wjnycgdzsaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@e-2dj6wjnyogc5cgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@e-2dj6wjligjajeco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.144:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.128:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.13:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.28:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.48:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.74:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.116:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.130:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.131:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.131:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.133:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.135:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.219:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.284:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.285:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.413:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.84:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.85:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.87:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.88:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.91:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.93:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@ehg-theactivenetwork.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@ehg-adteractive.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@ehg-wachovia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@ehg-hasbro.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@ehg-pizzahut.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@ehg-wachovia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@ehg-oreilly.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@ehg-viacom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.392:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.157:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.158:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.548:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.549:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.550:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
:mozilla.220:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.480:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.481:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.486:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.487:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.489:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.490:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.491:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.479:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.173:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.174:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.23:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.24:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.26:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.805:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.13:C:\Documents and Settings\Sean\Application Data\Pioneers of the Inevitable\Songbird\Profiles\u7cxj1jh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.14:C:\Documents and Settings\Sean\Application Data\Pioneers of the Inevitable\Songbird\Profiles\u7cxj1jh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.168:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.169:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.123:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.124:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.195:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.145:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.316:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.135:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.136:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.137:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.138:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.19:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.22:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.64:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.65:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
:mozilla.100:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.598:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.98:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.99:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.36:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.37:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.38:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.39:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.79:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.80:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.81:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.82:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.83:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Sajiv\Cookies\sajiv@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.114:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.41:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.42:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.43:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Sangeeta\Local Settings\Temp\Cookies\sangeeta@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.117:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.118:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.119:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.120:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.121:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.122:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@counter9.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@sextracker[3].txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.128:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.129:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.152:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.60:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.61:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.62:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.63:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.205:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.206:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.100:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.106:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.110:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.111:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.112:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.114:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.115:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.116:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.11:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.12:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.70:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.82:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.83:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.84:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.85:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.87:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.88:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.89:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.90:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.91:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.92:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.93:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.96:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.590:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.591:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.592:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.593:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.594:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.595:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.596:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.597:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.20:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.95:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.132:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.441:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.442:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.443:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.61:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.62:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.199:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.458:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.366:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\0huh6fkl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.71:C:\Documents and Settings\Sajiv\Application Data\Mozilla\Firefox\Profiles\m4cqmj43.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.81:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.61:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.64:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Devin\Cookies\devin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.10:C:\Documents and Settings\Sean\Application Data\Pioneers of the Inevitable\Songbird\Profiles\u7cxj1jh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.11:C:\Documents and Settings\Sean\Application Data\Pioneers of the Inevitable\Songbird\Profiles\u7cxj1jh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.12:C:\Documents and Settings\Sean\Application Data\Pioneers of the Inevitable\Songbird\Profiles\u7cxj1jh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.134:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.135:C:\Documents and Settings\Devin\Application Data\Mozilla\Firefox\Profiles\8yfr5jg8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.152:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.153:C:\Documents and Settings\Sangeeta\Application Data\Mozilla\Firefox\Profiles\g0avpgps.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.7:C:\Documents and Settings\Sean\Application Data\Pioneers of the Inevitable\Songbird\Profiles\u7cxj1jh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.8:C:\Documents and Settings\Sean\Application Data\Pioneers of the Inevitable\Songbird\Profiles\u7cxj1jh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.9:C:\Documents and Settings\Sean\Application Data\Pioneers of the Inevitable\Songbird\Profiles\u7cxj1jh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Sangeeta\Cookies\sangeeta@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
D:\Setup Files\Norton Ghost.exe/Norton Ghost v9.0_KeyGen.exe -> Trojan.Keygen.s : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld10BA.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld136.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld2E9F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld37A6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld37A8.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4E1A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld63E6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldA88D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldBA9B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldC363.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldCD64.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldDE6.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldE6BE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF11A.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldF88D.tmp -> Trojan.Small : Cleaned with backup (quarantined).


::Report end



HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 8:39:21 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sean\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 202.108.12.194:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKLM\..\Run: [MMJA Agent] C:\WINDOWS\system32\28463\MMJA.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: =>Inglés - http:\\wordreference.com\es\en\j\iespen109.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 SifuMike

    malware expert



Posted 10 August 2007 - 09:47 PM

Hello mysmartmouth,




C:\Program Files\AKProg\AKProg.exe -> Not-A-Virus.Monitor.Win32.ActualSpy.2301 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP1035\A0161820.exe -> Not-A-Virus.Monitor.Win32.ActualSpy.2301 : Cleaned with backup (quarantined).
C:\Program Files\AKProg\hprog.dll -> Not-A-Virus.Monitor.Win32.ActualSpy.252 : Cleaned with backup (quarantined).
C:\Program Files\AKProg\hkdll.dll -> Not-A-Virus.Monitor.Win32.ActualSpy.27 : Cleaned with backup (quarantined).
C:\Program Files\HTV\HTV.007 -> Not-A-Virus.Monitor.Win32.Ardamax.271 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\28463\MMJA.007 -> Not-A-Virus.Monitor.Win32.Ardamax.271 : Cleaned with backup (quarantined).
C:\Program Files\HTV\HTV.003 -> Not-A-Virus.Monitor.Win32.Ardamax.o : Cleaned with backup (quarantined).



Looks like you had two keyloggers. :thumbsup: One of them can only be installed manually. Did your parents install it?

How did you know you had Ardamax on your computer? It is invisible - so did your parents install it on your computer?



We have some items to clean up in your log.


Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)


Let's empty the temp files:

Run CCleaner.

Reboot to the Normal Mode

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

1. Download this file - combofix.exe to your Desktop.
Note:
It is important that it is saved directly to your desktop

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post the ComboFix log and a fresh HijackThis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Edited by SifuMike, 10 August 2007 - 09:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
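The selection step in the post above targets HijackThis entries whose file is marked "(no file)" or "(file missing)". As an added example (not part of the thread and not HijackThis's own code), the Python below parses log lines in that format, splits entries that were pasted run together on one line, and lists the orphaned ones. Treating O23 service lines with an embedded quote separately is an assumption of this example: there the marker may reflect a quoted command line with arguments rather than an absent binary, so they are set aside for manual review.

```python
import re

# Constructed sample: entries copied from the HijackThis log in this thread,
# with two O9 entries deliberately run together as they can be when pasted.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
""".strip().splitlines()

# Section code (R1, O2, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file was not found.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)")
# Zero-width split point: a ")" directly followed by the next section code.
FUSED_RE = re.compile(r"(?<=\))(?=[A-Z]\d{1,2} - )")


def split_entries(line):
    """Split one physical line into the log entries it contains."""
    return [part for part in FUSED_RE.split(line.strip()) if part]


def parse_entry(text):
    """Return a dict for a log entry, or None for headers and process paths."""
    match = ENTRY_RE.match(text)
    if match is None:
        return None
    body = match.group("body")
    marker = ORPHAN_RE.search(body)
    return {
        "section": match.group("section"),
        "body": body,
        "marker": marker.group(1) if marker else None,
        # An embedded double quote means the body is a command line, not a path.
        "has_quote": '"' in body,
    }


def triage(lines):
    """Group entries into orphaned references and service lines to review."""
    result = {"orphaned": [], "review": []}
    for line in lines:
        for text in split_entries(line):
            entry = parse_entry(text)
            if entry is None or entry["marker"] is None:
                continue
            # Assumption of this example: an O23 "file missing" on a quoted
            # command line needs a manual check before it is treated as orphaned.
            if entry["section"] == "O23" and entry["has_quote"]:
                result["review"].append(entry)
            else:
                result["orphaned"].append(entry)
    return result


if __name__ == "__main__":
    outcome = triage(SAMPLE_LOG)
    for kind in ("orphaned", "review"):
        for entry in outcome[kind]:
            print(f"{kind:9} {entry['section']:4} {entry['body'][:70]}")
```
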

#9 mysmartmouth


Posted 10 August 2007 - 11:32 PM

I will do this, thanks.

To answer your question, my friend showed me what he used on my computer, and it was called Ardamax. Actual Keylogger is a program I installed a while back to monitor usage of this computer, and then forgot all about. I guess it can be manually uninstalled, but that's not a priority.

Thanks a lot for your help. I would make a donation, but I have no money :thumbsup: Is there anything else I can do for you though? I really appreciate you taking your time to help me.

#10 SifuMike


Posted 10 August 2007 - 11:45 PM

We are not done yet. :thumbsup: You still may have some malware on your computer so post the ComboFix log.

Don't worry about a donation, as that is not required. I too had no money when I was young. :flowers:

#11 SifuMike


Posted 17 August 2007 - 04:40 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



