Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Greetings, Another Hjt Log, Tyvm. : )


  • This topic is locked This topic is locked
8 replies to this topic

#1 OMGHAI

OMGHAI

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 08 December 2007 - 04:38 PM

User experiences pop ups of false Windows errors leading to Setup file downloads. Even without using IE/FF. Spybot scans reveal nothing. User has installed at the moment, AVG, SPYBOT S&D, Spyware Doctor, HP Printer Support Software, Yahoo Messenger (extra garbage with that install can go besides the actual prog) and does visit worldwinner.com on a regular basis. Is that URL linked to malware btw? Thanks again. : )

**Also Attached**

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:08 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\FarStone\GameDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Nova\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\GameDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129335232274
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v46/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O24 - Desktop Component 0: (no name) - http://www.worldwinner.com/cgi/nosession/getImage.pl?id=1704

--
End of file - 9632 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:54 AM

Posted 08 December 2007 - 05:55 PM

Hello OMGHAI,

Welcome to Bleeping Computer :thumbsup:

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),

Also remove the checkmark from the the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 OMGHAI

OMGHAI
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 08 December 2007 - 10:11 PM

Thank you for your prompt response. : )


ComboFix 07-12-09.3 - Nova 2007-12-08 21:55:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.160 [GMT -5:00]
Running from: C:\Documents and Settings\Nova\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jared\Application Data\ErrorProtector Free
C:\Documents and Settings\Jared\Application Data\ErrorProtector Free\Logs\update.log
C:\Documents and Settings\Jared\ResErrors.log
C:\Documents and Settings\Matthew\Application Data\ErrorProtector Free
C:\Documents and Settings\Matthew\Application Data\ErrorProtector Free\Logs\update.log
C:\Documents and Settings\Matthew\ResErrors.log
C:\Documents and Settings\Michael\Application Data\ErrorProtector Free
C:\Documents and Settings\Michael\Application Data\ErrorProtector Free\Logs\update.log
C:\Documents and Settings\Michael\ResErrors.log
C:\Documents and Settings\Nova\ResErrors.log
C:\Documents and Settings\PERRY\Application Data\ErrorProtector Free
C:\Documents and Settings\PERRY\Application Data\ErrorProtector Free\Logs\update.log
C:\Documents and Settings\PERRY\ResErrors.log
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\knjcelkm.dat
c:\windows\system32\knjcelkm.exe
c:\WINDOWS\system32\knjcelkm_nav.dat
C:\WINDOWS\system32\knjcelkm_navps.dat
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-08 17:23 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-08 17:23 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-08 16:56 . 2007-12-08 17:02 130,508 --a------ C:\WINDOWS\HPHins13.dat
2007-12-08 16:56 . 2007-01-22 11:05 2,977 --------- C:\WINDOWS\hphmdl13.dat
2007-12-08 16:42 . 2007-12-08 16:42 <DIR> d-------- C:\Documents and Settings\Nova\Application Data\Printer Info Cache
2007-12-08 16:42 . 2007-12-08 16:42 <DIR> d-------- C:\Documents and Settings\Nova\Application Data\Image Zone Express
2007-11-23 11:14 . 2007-11-23 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2007-11-23 11:14 . 2007-11-23 11:14 130,509 --------- C:\WINDOWS\HPHins13.dat.temp
2007-11-23 11:14 . 2007-01-22 11:05 2,977 --------- C:\WINDOWS\hphmdl13.dat.temp
2007-11-23 11:00 . 2007-11-23 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-11-23 10:56 . 2007-12-08 16:58 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-23 10:54 . 2007-11-23 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-11-23 10:53 . 2006-12-30 15:49 117,760 --a------ C:\WINDOWS\system32\hpzll4v2.dll
2007-11-09 21:22 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-09 21:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-09 21:22 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-09 21:22 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 20:21 --------- d-----w C:\Documents and Settings\Matthew\Application Data\AVG7
2007-12-08 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-06 10:53 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-05 21:37 --------- d-----w C:\Program Files\ZDaemon
2007-12-04 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-04 05:09 --------- d-----w C:\Documents and Settings\Michael\Application Data\AVG7
2007-11-23 16:00 --------- d-----w C:\Program Files\HP
2007-11-23 16:00 --------- d-----w C:\Program Files\Common Files\HP
2007-11-12 03:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-09 10:40 --------- d-----w C:\Documents and Settings\Jared\Application Data\AVG7
2007-10-29 02:03 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-29 02:03 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-29 02:03 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-29 02:03 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-27 15:37 --------- d-----w C:\Program Files\Coupons
2007-10-25 15:16 --------- d-----w C:\Documents and Settings\Nova\Application Data\AVG7
2007-10-19 23:46 --------- d-----w C:\Program Files\HP RecordNow
2007-10-17 14:51 --------- d-----w C:\Program Files\Java
2007-10-17 14:50 --------- d-----w C:\Program Files\Common Files\Java
2007-10-16 19:22 --------- d---a-w C:\Program Files\Support Tools
2007-10-16 19:22 --------- d-----w C:\Program Files\Apple Software Update
2007-10-16 19:13 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-16 19:12 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-10-16 19:10 --------- d-----w C:\Documents and Settings\Nova\Application Data\URSoft
2006-10-07 03:33 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-08-01 20:31 51,182 ----a-w C:\Documents and Settings\Michael\Uninstal.exe
2006-07-09 08:58 37,850 ----a-w C:\Documents and Settings\Michael\Delete YIPC.exe
2006-06-07 04:30 77,480 ----a-w C:\Documents and Settings\Jared\Uninstal.exe
2006-04-24 18:13 7,795,042 ----a-w C:\Documents and Settings\Jared\engine.exe
2006-03-26 11:30 427,546 ----a-w C:\Documents and Settings\Jared\game_properties.exe
2006-03-26 11:23 1,780,213 ----a-w C:\Documents and Settings\Jared\level_editor.exe
2006-03-25 22:25 370,449 ----a-w C:\Documents and Settings\Jared\Dev_Tool.exe
2006-03-20 17:10 13,085,992 ----a-w C:\Documents and Settings\Jared\halozero.exe
2005-12-14 16:48 54 ----a-w C:\Documents and Settings\Jared\safemode.bat
2005-10-11 23:10 151,771 ----a-w C:\Documents and Settings\Jared\finalboss_b.dat
2005-10-11 23:09 855,120 ----a-w C:\Documents and Settings\Jared\finalboss_a.dat
2005-10-11 23:06 651,593 ----a-w C:\Documents and Settings\Jared\secret2.dat
2005-10-11 23:06 1,022,473 ----a-w C:\Documents and Settings\Jared\secret.dat
2005-10-11 22:18 8,940,105 ----a-w C:\Documents and Settings\Jared\MWNDX.exe
2005-07-15 09:59 811,438 ----a-w C:\Documents and Settings\Jared\Super Mario Blue Twilight DX.exe
2005-07-12 22:59 654,387 ----a-w C:\Documents and Settings\Jared\manual.exe
2005-07-08 23:18 1,114,267 ----a-w C:\Documents and Settings\Jared\compatibility.exe
2005-06-16 09:55 27,415 ----a-w C:\Documents and Settings\Jared\commentary.dat
2003-11-08 08:23 286,208 ----a-w C:\Documents and Settings\Jared\Cncs232.dll
2000-12-07 01:18 360,468 ----a-w C:\Documents and Settings\Michael\Yoshi's Island PC.exe
2000-12-01 23:35 172,032 ----a-w C:\Documents and Settings\Michael\cncs32.dll
2000-02-28 23:26 92,660 ----a-w C:\Documents and Settings\Jared\bass.dll
1999-12-21 23:15 133,200 ----a-w C:\Documents and Settings\Michael\cncs.dll
1990-01-04 17:37 171,520 ----a-w C:\Documents and Settings\Jared\CNCS32.dll
1990-01-04 13:57 133,088 ----a-w C:\Documents and Settings\Jared\CNCS.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 17:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-01-15 07:33 C:\WINDOWS\system32\VTTimer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-24 14:22]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 07:06]
"VirtualDrive"="C:\Program Files\FarStone\GameDrive\VDTask.exe" [2002-11-22 17:58]
"vcdplayx"="C:\WINDOWS\vcdplayx.exe" [2002-06-09 23:13]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 05:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-11 22:57]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 14:22]

C:\Documents and Settings\Nova\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-08-25 15:11:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-12-12 19:00:02]
PowerReg Scheduler.exe [2006-10-29 11:45:12]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys
R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\System32\drivers\CdaD10BA.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Nova\LOCALS~1\Temp\djgnekweZ6BIP7F.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 22:02:44
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 22:04:47 - machine was rebooted
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:27 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\FarStone\GameDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nova\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\GameDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129335232274
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v46/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 9214 bytes

Attached Files



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:54 AM

Posted 08 December 2007 - 10:17 PM

Hello,

You're welcome. :thumbsup: How is it running now??

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the "Settings" screen:
    • Click on "Recommended actions" -> select "Quarantine".
    • Under "Reports:" -> select "Do not automatically generate reports".
  • Close AVG Anti-Spyware. Please do NOT run a scan yet!
Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will prompted, then select the "Apply all actions" button, AVG Anti-Spyware will then display "All actions have been applied" on the right hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 OMGHAI

OMGHAI
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 08 December 2007 - 11:44 PM

Not sure if we are done yet, but just want to say again I appreciate the help very much, no pop ups so far. : )

BTW, forgot to clean out cookies on all the other user accounts, probably why the AVG AS report is so long, hehe.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:34:59 PM 12/8/2007

+ Scan result:



HKU\S-1-5-21-1708537768-1993962763-1343024091-1003_Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\EnableFullPage\.mqv -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7AF38FC7-56BC-4921-8446-50ED1A6F2969}\RP496\A0219661.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
:mozilla.167:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.411:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.555:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.655:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.427:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.428:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.154:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.155:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.156:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.157:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.158:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.159:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.353:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.354:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.100:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.101:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.102:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.214:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.215:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.216:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.217:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.218:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.219:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.220:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.221:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.95:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.96:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.97:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.98:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.99:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.117:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.118:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.119:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.120:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.121:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.32:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.23:C:\Documents and Settings\PERRY\Application Data\Mozilla\Firefox\Profiles\3dtukzll.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.142:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.316:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.520:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.521:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.522:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.254:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.566:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.251:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.252:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.253:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.365:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.366:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.367:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.197:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.199:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.200:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.201:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.202:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.203:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.204:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.205:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.206:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.207:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.208:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.209:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.307:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.308:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.309:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.310:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.311:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.312:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.313:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.314:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.605:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.15:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.409:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.646:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.290:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.291:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.292:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.293:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.494:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.495:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.496:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.498:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.18:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.23:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.70:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.71:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.72:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.76:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.17:C:\Documents and Settings\PERRY\Application Data\Mozilla\Firefox\Profiles\3dtukzll.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.182:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.232:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.25:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.517:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.518:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.519:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.697:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.165:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.166:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.301:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.306:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.468:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.408:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.425:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.434:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.435:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.371:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.372:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.405:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.406:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.575:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.576:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.577:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.151:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.152:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.153:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.154:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.155:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.156:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.157:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.158:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.318:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.319:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.320:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.321:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.322:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.323:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.324:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.325:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.326:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.419:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.420:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.421:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.423:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.249:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.250:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.390:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.391:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.379:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.618:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.619:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.620:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.621:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.622:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.467:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.196:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.197:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.198:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.199:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.200:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.201:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.203:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.204:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.205:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.206:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.207:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.208:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.233:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.234:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.236:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.237:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.238:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.240:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.243:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.244:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.245:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.258:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.514:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.316:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.317:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.318:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.329:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.330:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.331:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.294:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.295:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.296:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.297:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.298:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.299:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.300:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.328:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.332:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.333:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.334:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.335:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.336:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.337:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.457:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.122:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.123:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.124:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.125:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.126:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.128:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.129:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.130:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.239:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.240:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.241:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.242:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.500:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.501:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.502:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.503:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.504:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.505:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.507:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.39:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.40:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.41:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.42:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.43:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.44:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.45:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.46:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.47:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.48:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.49:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.50:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.51:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.68:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.69:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.70:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.71:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.72:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.73:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.74:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.75:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.76:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.77:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.78:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.79:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.80:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.81:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.82:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.83:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.84:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.346:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.347:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.348:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.349:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.350:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.567:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.568:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.569:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.570:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.571:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.64:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.325:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.595:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.100:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.101:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.102:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.103:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\3nf0hidt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.526:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.527:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.528:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\mazioj3a.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:15 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\FarStone\GameDrive\VDTask.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nova\Desktop\HiJackThis.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\GameDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129335232274
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v46/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 9473 bytes

Attached Files


Edited by OMGHAI, 08 December 2007 - 11:45 PM.


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:54 AM

Posted 08 December 2007 - 11:59 PM

Hello,

You're welcome. :thumbsup:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: PowerReg Scheduler.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer. How is it running now?

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 OMGHAI

OMGHAI
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 09 December 2007 - 12:09 AM

Things are looking great, no delays or pop ups, and one last time, TYVM! : ) BTW, do you guys know if www.worldwinner.com is on any malware black lists so to speak?

:thumbsup: My regards to the great Planet Texas. ; )

In case you wanted one last look.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:27 AM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\FarStone\GameDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nova\My Documents\MalwareRemoval\HiJackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\GameDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129335232274
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v46/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8325 bytes

Edited by OMGHAI, 09 December 2007 - 12:12 AM.


#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:54 AM

Posted 09 December 2007 - 12:27 AM

Hello,

Not that I know of, but as with anything you have to be careful what you click on while you're there. Some things might not be safe. :thumbsup: Glad things are running well. :blink:

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:54 AM

Posted 13 December 2007 - 02:52 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users