
Please Help Me


  • This topic is locked
43 replies to this topic

#1 utopist1


Posted 21 March 2006 - 08:03 PM

Hi - This is my kids' computer and they have what seems to be a few viruses - here is the log file - any help would be appreciated. Thank you - utopist1

Logfile of HijackThis v1.99.1
Scan saved at 6:58:00 PM, on 3/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\77A0.tmp
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409/xm...dir.asp?Ext=fla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=C:\WINDOWS\System32\rjbxnq\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\rjbxnq\csrss.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\pkykkq.exe reg_run
O4 - HKLM\..\Run: [jqxqh] C:\WINDOWS\jqxqh.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\services.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [wifi] C:\PROGRA~1\COMMON~1\wifi\wifim.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20004\services.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\12.tmp
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - Startup: csrss.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BT2Net.lnk = C:\Program Files\BT2Net\bt2net.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: oipi.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .MID: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Mixer - C:\WINDOWS\SYSTEM32\sndmixex.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O21 - SSODL: Agere Systems Soft Modem - {3C06DEF6-36D5-509D-AD63-F010FD604338} - \winqvjcbh6.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll
O21 - SSODL: lwNoFEKdkBT - {CC1D9986-66B7-332C-D5FE-FBECAFA4CF95} - C:\WINDOWS\System32\lbu.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: csrss - Unknown owner - C:\WINDOWS\cfrss.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


 


#2 ken545

Malware Response Team

Posted 26 March 2006 - 07:24 PM

utopist1,

Welcome to Bleeping Computer, let me tell ya, your kids have gotten this computer into quite a mess.


DO THIS FIRST
Your HIJACKTHIS program is current, but it is very important that it resides in its own folder.
We will use Hijackthis (HJT) to make changes to your system and HJT will make backups of those changes.
If HJT is not in its own folder, those backups could be lost.

Easy to fix,
* just go to MY COMPUTER > YOUR C:\ DRIVE and create a new folder and name it HIJACKTHIS .
* Now scroll to where you have HJT currently, right click on the HJT icon and select CUT .
* Now open the new folder you just created and right click within that folder and select PASTE .
* Now HJT should reside in C:\HIJACKTHIS\HIJACKTHIS.EXE


Please don't proceed until you move HJT



You may want to print this out as we will be off the internet for part of the fix.


Go to the Add/Remove Programs in the Control Panel and uninstall Limewire, the kids will be mad but it's a hotbed of downloading all kinds of garbage like some of the bad stuff you have on this system.



* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK



We need to disable 2 running services so we can delete them. I have the services you need to disable in the quote box.

Command Service (cmdService) <-- Could be listed either way
Network Monitor



* Go to Start> Run and type in services.msc then press Enter
* Scroll down to Each service in the Quote box
* Double Click that service to open it.
* Click on Stop Service.
* Then change the Startup Type to Disabled.
* OK your way out of the program.



Download and install Ewido Anti-Malware
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu"
* Launch Ewido, there should be an icon on your desktop for it to double-click.
o Click on update
o You should see Update Complete when done.
o Now close out the program <-- Don't run it yet


Now reboot into Safemode
To Enter SAFEMODE

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD


Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.


While in Safemode, open HJT Scan Only ( You did move it didn't you ), close all open windows , put a checkmark in the following entries and click on Fix Checked


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
F3 - REG:win.ini: load=C:\WINDOWS\System32\rjbxnq\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\rjbxnq\csrss.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\pkykkq.exe reg_run
O4 - HKLM\..\Run: [jqxqh] C:\WINDOWS\jqxqh.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20004\services.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKCU\..\Run: [wifi] C:\PROGRA~1\COMMON~1\wifi\wifim.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20004\services.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BT2Net.lnk = C:\Program Files\BT2Net\bt2net.exe
O4 - Global Startup: oipi.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O20 - Winlogon Notify: Mixer - C:\WINDOWS\SYSTEM32\sndmixex.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll
O21 - SSODL: lwNoFEKdkBT - {CC1D9986-66B7-332C-D5FE-FBECAFA4CF95} - C:\WINDOWS\System32\lbu.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)



Look for and delete the files in Red

C:\Program Files\Network Monitor
C:\Program Files\LimeWire
C:\Program Files\Common Files\wifi
C:\WINDOWS\IA
C:\WINDOWS\inet20004
C:\WINDOWS\jqxqh.exe
C:\WINDOWS\sysvx_.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\System32\pkykkq.exe
C:\WINDOWS\System32\rjbxnq
C:\WINDOWS\SYSTEM32\sndmixex.dll
C:\WINDOWS\SYSTEM32\msupdate32.dll
C:\WINDOWS\System32\dcom_14.dll
C:\WINDOWS\System32\lbu.dll

You need to search for this one
oipi.exe


Reboot normally


Download and Install CCleaner

* Click on Run Cleaner
* Run the Issues Scan < When it asks you to backup the Registry..Say Yes

Tutorial for CCleaner


This is what I need to proceed,

1. The report from Ewido
2. A new HJT log.

Ken :thumbsup:

Edited by ken545, 26 March 2006 - 07:26 PM.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#3 utopist1


Posted 27 March 2006 - 10:27 PM

Ken - thanks for your reply - I have two problems to start - I cannot find Limewire in the add/remove progs. Also when I click on the command service I cannot click on the stop service button, as the whole row is not able to be clicked on - I tried numerous things to get it to be clickable but no such luck - I didn't want to proceed with the rest of the instructions until I completed the first ones you gave me - I do have HJT in its own folder and I was able to stop services on network monitor. Thanks so much for your help - please advise - utopist1

Edited by utopist1, 27 March 2006 - 10:29 PM.


#4 ken545


Posted 28 March 2006 - 07:06 AM

Good Morning utopist1,

I would strongly suggest that you stay off the internet except for checking in here until you're clean because what you have acts like a magnet for other infections.

There is an entry on your log for Limewire, sometimes it won't be listed in the add-remove programs so don't worry about it just now, but be sure to delete the entry when you run HJT in the later part of the fix.


Reboot your computer and let's look for it again, it is running as a service so it has to be listed
* Go to Start> Run and type in services.msc then press Enter
* Scroll down to Command Service
* Double Click that service to open it.
* Click on Stop Service.
* Then change the Startup Type to Disabled.
* OK your way out of the program.


Open up HJT > Misc Tools > Delete an NT Service and enter cmdService, click OK and close HJT.

Then proceed with the rest of the fix as I have it listed.

Ken :thumbsup:

Edited by ken545, 28 March 2006 - 07:48 AM.



#5 utopist1


Posted 28 March 2006 - 11:02 PM

Ken - thanks again - sorry if I am becoming a pest - I can find the command service I just can't click on "stop" - none of the radio buttons are lit up to allow them to be clicked on (sorry I don't know the technical term for any of that) The service status says "started" but then the "start," "stop," "pause," "resume" buttons are all non-clickable. Arrrgg Thanks again for your help I truly appreciate it. I will be thinking hard on a good way to get my kids back for this one!! hehe J/K Thanks again Utopist1

#6 ken545


Posted 29 March 2006 - 06:52 AM

utopist1,

Have you proceeded with the rest of the fix?? We can work on the cmdservice later on down the line. If and when you finish with the rest of the fixes, post back with the Ewido report and a new HJT log so I can see what's been accomplished and what is left to do.

Ken :thumbsup:



#7 utopist1


Posted 31 March 2006 - 06:57 PM

ok Ken - here are the log files - I am having a hard time posting the log files I might have to do it in two or three posts

Logfile of HijackThis v1.99.1
Scan saved at 5:49:38 PM, on 3/31/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\cfrss.exe
C:\WINDOWS\protect.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\windows\mousepad6.exe
C:\WINDOWS\kvlakvgA.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\ms0575387-8704.exe
C:\WINDOWS\sys10-870475387.exe
C:\WINDOWS\win32097-87047538.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wjlmizgA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\BraveSentry\BraveSentry.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\windows\mousepad7.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\System32\slk8x2peu.exe
C:\WINDOWS\System32\e6tw76cpw.exe
C:\WINDOWS\ms030475387-87.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
c:\windows\system32\qodsregq.exe
C:\WINDOWS\System32\swinprag.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409/xm...dir.asp?Ext=fla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\ttmia.exe
F2 - REG:system.ini: UserInit=userinit.exe,epsmkvc.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad7.exe
O4 - HKLM\..\Run: [kvlakvgA] C:\WINDOWS\kvlakvgA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [ms0575387-8704] C:\WINDOWS\ms0575387-8704.exe
O4 - HKLM\..\Run: [sys0270475387-8] C:\WINDOWS\sys0270475387-8.exe
O4 - HKLM\..\Run: [sys10-870475387] C:\WINDOWS\sys10-870475387.exe
O4 - HKLM\..\Run: [win32097-87047538] C:\WINDOWS\win32097-87047538.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [w0063c50.dll] RUNDLL32.EXE w0063c50.dll,I2 0000387c00063c50
O4 - HKLM\..\Run: [wjlmizgA] C:\WINDOWS\wjlmizgA.exe
O4 - HKLM\..\Run: [w008cd5b.dll] RUNDLL32.EXE w008cd5b.dll,I2 0000387c0008cd5b
O4 - HKLM\..\Run: [newname] c:\windows\newname7.exe
O4 - HKLM\..\Run: [w04a6634.dll] RUNDLL32.EXE w04a6634.dll,I2 0000387c004a6634
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms030475387-87] C:\WINDOWS\ms030475387-87.exe
O4 - HKLM\..\Run: [CQ4d6] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\Run: [{D9-99-98-85-ZN}] c:\windows\system32\qodsregq.exe CORN001
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: csrss.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: Z_Start.lnk = C:\ZICORN001.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O12 - Plugin for .MID: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINDOWS\System32\OUGHYA~1.DLL
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\db8vb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O21 - SSODL: Agere Systems Soft Modem - {3C06DEF6-36D5-509D-AD63-F010FD604338} - \winqvjcbh6.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: csrss - Unknown owner - C:\WINDOWS\cfrss.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Windows XP Firewall SP3 - Unknown owner - C:\WINDOWS\protect.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kvlakvg.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Edited by utopist1, 31 March 2006 - 07:09 PM.
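
The before/after comparison a helper makes when a new HJT log comes back, as an added example that is not part of the original thread: it parses two HijackThis logs, separates entries that were removed, persist, or are new, and reports which fix-list lines are still present. The function names are choices made for this example, and the embedded logs are short excerpts of the lines posted above.

```python
import re

# One HijackThis result line: section code (R1, F3, O4, O23, ...), " - ", detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# "(file missing)" is a status HijackThis appends to an entry; it can change
# between scans while the underlying registry entry stays the same.
STATUS_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)

# Excerpts of the 21 March and 31 March logs in this thread, trimmed for the example.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\77A0.tmp

O4 - HKLM\..\Run: [jqxqh] C:\WINDOWS\jqxqh.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: csrss - Unknown owner - C:\WINDOWS\cfrss.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\cfrss.exe
C:\WINDOWS\protect.exe

O4 - HKLM\..\Run: [kvlakvgA] C:\WINDOWS\kvlakvgA.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: csrss - Unknown owner - C:\WINDOWS\cfrss.exe
O23 - Service: Microsoft Windows XP Firewall SP3 - Unknown owner - C:\WINDOWS\protect.exe
"""

# Excerpt of the "Fix Checked" list from post #2.
FIX_LIST = r"""
O4 - HKLM\..\Run: [jqxqh] C:\WINDOWS\jqxqh.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def entry_key(entry):
    """Comparison key: case-insensitive, ignoring the '(file missing)' status."""
    code, detail = entry
    return (code, STATUS_RE.sub("", detail).lower())


def compare(before, after):
    """Classify entries as removed, persisting or new between two parsed logs."""
    old = {entry_key(e): e for e in before["entries"]}
    new = {entry_key(e): e for e in after["entries"]}
    old_procs = {p.lower() for p in before["processes"]}
    return {
        "removed": [old[k] for k in old if k not in new],
        "persisting": [new[k] for k in new if k in old],
        "new": [new[k] for k in new if k not in old],
        "new_processes": [p for p in after["processes"] if p.lower() not in old_procs],
    }


def unresolved(fix_list_text, after):
    """Fix-list entries that still appear in the follow-up log."""
    present = {entry_key(e) for e in after["entries"]}
    return [e for e in parse_hjt(fix_list_text)["entries"] if entry_key(e) in present]


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    result = compare(before, after)
    for label in ("removed", "persisting", "new"):
        print(label.upper())
        for code, detail in result[label]:
            print(f"  {code} - {detail}")
    print("NEW PROCESSES")
    for proc in result["new_processes"]:
        print(f"  {proc}")
    print("FIX-LIST ENTRIES STILL PRESENT")
    for code, detail in unresolved(FIX_LIST, after):
        print(f"  {code} - {detail}")
```
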


#8 utopist1


Posted 31 March 2006 - 07:11 PM

here is ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:14:24 AM, 3/31/2006
+ Report-Checksum: FC0522A5

+ Scan result:

HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\dsktb -> Adware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
[1152] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
[1244] C:\WINDOWS\System32\jrueryn.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\CFusionMX7\Macromedia_ColdFusion_MX_7_InstallLog.log -> Backdoor.Sensive.51 : Cleaned with backup
C:\comscore.exe -> Dropper.Agent.hl : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmc33jix.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.40:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.41:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.42:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.43:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.44:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.45:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.46:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.47:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.48:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.49:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.50:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.56:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.58:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.62:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.98:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.101:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.102:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.103:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.107:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.108:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.109:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.111:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.112:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.118:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.119:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.121:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.122:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.123:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.124:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.125:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.126:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.127:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.130:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.131:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.133:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.134:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.135:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.136:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.137:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.138:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.139:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.149:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.150:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.151:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.152:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.153:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.154:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.155:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.156:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.157:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.158:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.159:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.176:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.177:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.178:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.179:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.180:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.220:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.221:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.227:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.228:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.229:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.242:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.243:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.258:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.259:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.261:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.262:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.263:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.280:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.281:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.282:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.283:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.284:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.285:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.286:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.287:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.304:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.336:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.337:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.338:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.400:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.401:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.407:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.408:C:\Documents and Settings\megan\Application Data\Mozilla\Firefox\Profiles\0nvn6tey.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\megan\Cookies\megan@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\megan\Local Settings\Temp\temp.fr43F6\zango.exe -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\megan\Local Settings\Temp\temp.fr43F6\zangohook.dll -> Adware.180Solutions : Cleaned with backup
:mozilla.13:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.14:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.17:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.20:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.23:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.25:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.26:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.27:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.28:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.29:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.31:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.32:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.33:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.36:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.38:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.45:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.47:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.48:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.49:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.50:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.53:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.54:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.55:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.56:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.61:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.64:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.65:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.67:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.69:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.94:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.95:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.98:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.100:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.105:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.106:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.107:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.108:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.109:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.110:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.111:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.112:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.113:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.114:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.116:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.117:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.118:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.125:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.129:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.130:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.131:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.141:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.142:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.148:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.149:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.156:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.157:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.158:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.159:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.160:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.161:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.162:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.163:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.164:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.165:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.166:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.169:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.170:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.171:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.184:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.185:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.196:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.202:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.203:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.204:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.205:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.206:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.210:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.211:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.216:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.217:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.218:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.219:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.220:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.221:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.222:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.223:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.224:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.225:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.226:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.227:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.228:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.230:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.231:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.235:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.236:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.237:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.238:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.239:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.245:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.247:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.248:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.249:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.250:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.251:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.252:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.253:C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Application Data\Mozilla\Firefox\Profiles\vhgo5xtx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\2.qtdfmp -> Not-A-Virus.Hoax.Win32.Renos.bt : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\5.qtdfmp -> Downloader.Small.cnz : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\6.qtdfmp -> Downloader.Tibs.dl : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\7.qtdfmp -> Downloader.Tibs.dm : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\Del70.tmp -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\maxdd.game -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\vx2.game -> Hijacker.Agent.fk : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\vx3.game -> Downloader.CWS.s : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\vxt2.game -> Downloader.Small.skn : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temp\ybafdhjg.exe -> Hijacker.Small.cc : Cleaned with backup
C:\Documents and Settings\megan.YOUR-RTMEJESVBC\Local Settings\Temporary Internet Files\Content.IE5\M08YSL8J\runfile[1].exe -> Hijacker.Small.cc : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\

#9 utopist1

Posted 31 March 2006 - 07:13 PM

:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\12.tmp -> Logger.Small.ak : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\2BB0.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\C8DFE.tmp/slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\C8DFE.tmp/faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\echo.exe -> Dropper.Small.qn : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\erlzqmms.exe -> Hijacker.Small.cc : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\f266203.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\f426359.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\gokm.exe -> Downloader.Agent.afi : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\i101.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\i11.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\iF3.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\MONEY1.exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\msdoc.exe -> Trojan.Sinowal.b : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\qvxt3.game -> Downloader.Tiny.ap : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\rsysinit.exe -> Trojan.ExitWin.z : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\rymqvhaj.exe -> Hijacker.Small.cc : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\tp7543.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Transpd.dll -> Adware.Agent : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\uknvihmw.exe -> Dropper.Agent.ail : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\vx1.game -> Downloader.Small.cop : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\vx2.game -> Hijacker.Agent.fk : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\vx6.game -> Downloader.Small.cof : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\vxt2.game -> Downloader.Small.skn : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\wdhztzhb.exe -> Hijacker.Small.cc : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\25KV07AZ\runfile[1].exe -> Hijacker.Small.cc : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\W3KRI9AJ\stub[1].exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\DeerHunter-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\DeerHunter2005_Setup-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\DH2004Setup-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\My Received Files\my best game.zip/My best game.exe -> Trojan.CD_open.f : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\SecondSightSetup-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\TimeToRideSetup-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\ToEESetup-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Unzipped\my best game\My best game.exe -> Trojan.CD_open.f : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\zeSetup-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\ZooVet-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\аssembly\mmc.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Мicrosoft\nopdb.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\drsmartload46a.exe -> Downloader.Adload.af : Cleaned with backup
C:\hijackthis\backups\backup-20050820-133627-632.dll -> Adware.Agent : Cleaned with backup
C:\hijackthis\backups\backup-20060321-164455-934.dll -> Adware.180Solutions : Cleaned with backup
C:\installerwnus.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup
C:\ld.exe -> Downloader.Small.cke : Cleaned with backup
C:\ld.exe.bak -> Downloader.Small.cke : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\OEM.exe -> Proxy.Small.ec : Cleaned with backup
C:\OEM.exe.bak -> Proxy.Small.ec : Cleaned with backup
C:\Program Files\BraveSentry\wxfjug3.dll -> Trojan.Zapchast : Cleaned with backup
C:\Program Files\Common Files\Java\flacpy.cfg -> Adware.FlashEnhancer : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll -> Trojan.Sinowal.b : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe -> Trojan.Sinowal.b : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00006.dll -> Trojan.Sinowal.b : Cleaned with backup
C:\Program Files\Common Files\VCClient\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\Program Files\hpdll\hpdll.exe -> Downloader.VB.ku : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20050929113025.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Adware.DelphinMediaViewer : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051102015104.zip/Program Files/fla/f.bak -> Adware.FlashEnhancer : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051102015104.zip/Program Files/fla/Fla.dll -> Adware.FlashEnhancer : Cleaned with backup
C:\Program Files\Yazzle Sudoku\Sudoku.exe -> Dropper.VB.kk : Cleaned with backup
C:\Program Files\Zango Programs\David Vs. Goliath\ZangoLib.dll -> Adware.180Solutions : Cleaned with backup
C:\Program Files\Zango Programs\Zango Toolbar\ZangoTBUninstaller.exe -> Adware.180Solutions : Cleaned with backup
C:\stub.exe -> Dropper.Agent.hl : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\winchcyz32.dll -> Proxy.Agent.jm : Cleaned with backup
C:\WINDOWS\avalon_4.txt -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\bundles\CSv12P108.exe -> Adware.ClearSearch : Cleaned with backup
C:\WINDOWS\bundles\trade.exe -> Dropper.Small.rn : Cleaned with backup
C:\WINDOWS\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaAccX.dll -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx -> Dropper.Agent.or : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\EPXActiveX.ocx -> Dropper.Agent.or : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.e : Cleaned with backup
C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\IA\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\keyboard4.exe -> Downloader.VB.zk : Cleaned with backup
C:\WINDOWS\keyboard5.exe -> Downloader.VB.zl : Cleaned with backup
C:\WINDOWS\kvlakvg.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\mousepad4.exe -> Hijacker.VB.lv : Cleaned with backup
C:\WINDOWS\mousepad5.exe -> Hijacker.VB.ly : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\mynexus.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\newname4.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\newname5.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\newname6.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\abrada.exe -> Logger.Agent.jt : Cleaned with backup
C:\WINDOWS\system32\abradal.dll -> Logger.Agent.jt : Cleaned with backup
C:\WINDOWS\system32\abradaload.dll -> Logger.Agent.jt : Cleaned with backup
C:\WINDOWS\system32\AdService.dll -> Downloader.Small.cml : Cleaned with backup
C:\WINDOWS\system32\CCCCCECACDD0C.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\system32\comdlg64.dll -> Rootkit.Agent.bk : Cleaned with backup
C:\WINDOWS\system32\dcom_14.dll -> Backdoor.Agent.uu : Cleaned with backup
C:\WINDOWS\system32\dIdrm.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup
C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\exp.exe -> Downloader.Small.abd : Cleaned with backup
C:\WINDOWS\system32\expload.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\iaqaase.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\WINDOWS\system32\immkmfho.dll -> Adware.Agent : Cleaned with backup
C:\WINDOWS\system32\jckccvf.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\jikhm.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32\kernels8.exe -> Downloader.Agent.ags : Cleaned with backup
C:\WINDOWS\system32\klgll.dll -> Downloader.Small : Cleaned with backup
C:\WINDOWS\system32\lbu.dll -> Proxy.Agent.df : Cleaned with backup
C:\WINDOWS\system32\mspostsp.exe -> Trojan.Inject.i : Cleaned with backup
C:\WINDOWS\system32\msupdate32.dll -> Downloader.Delf.aic : Cleaned with backup
C:\WINDOWS\system32\pre1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\qodsregq.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\qrdsregm.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\qwinsrag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\rjbxnq\csrss.exe -> Backdoor.Landis.w : Cleaned with backup
C:\WINDOWS\system32\rjbxnq\smss.exe -> Logger.VB.lo : Cleaned with backup
C:\WINDOWS\system32\rwintrag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\slx.exeW -> Downloader.Agent.ags : Cleaned with backup
C:\WINDOWS\system32\sndmixex.dll -> Downloader.Agent.afl : Cleaned with backup
C:\WINDOWS\system32\swinprag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\sysvx.exe -> Worm.Locksky.aj : Cleaned with backup
C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe -> Downloader.Small.cop : Cleaned with backup
C:\WINDOWS\system32\vxgamet2.exe -> Downloader.Small.skn : Cleaned with backup
C:\WINDOWS\system32\w9seq.dll -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\winetn32.dll -> Downloader.Small.cml : Cleaned with backup
C:\WINDOWS\system32\winspy.exe -> Downloader.Small.ckq : Cleaned with backup
C:\WINDOWS\system32\wintask.exe -> Downloader.Small.abd : Cleaned with backup
C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\sysvx_.exe -> Downloader.Small.cof : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.an : Error during cleaning
C:\WINDOWS\Temp\373C.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\3C45.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\471C.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\4736.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\5C14.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\5D7C.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\67F9.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\6E73.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\77A0.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\84CF.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\85C7.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\85D8.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\8661.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\8694.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\8702.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\8A7C.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\8D1C.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\9104.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\92AA.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\949E.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\9A89.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\9FF8.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\A090.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\A8B1.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\A8D2.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\b.com -> Dropper.Agent.pb : Error during cleaning
C:\WINDOWS\Temp\B11.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\B17.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\C250.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\DEBA.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\Temp\ED7D.tmp -> Trojan.Agent.fs : Error during cleaning
C:\WINDOWS\ts.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\wjlmizg.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\xpupdate.exe -> Not-A-Virus.Hoax.Win32.Renos.bt : Cleaned with backup
C:\WINDOWS\Міcrosoft\nоtepad.exe -> Adware.PurityScan : Cleaned with backup
C:\winqvjcbh6.dll -> Trojan.Small : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End

I hope that works. For some reason the ewido scan report would not post in one shot - thanks
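An added example (not part of the original post, and not ewido's own code): a triage script for reports in the line format pasted above, `path -> detection : status`. It lists the items the scanner failed to clean and flags path components that mix alphabets, as the report's `Мicrosoft` and `аssembly` folders appear to do with Cyrillic look-alike letters. The sample lines are constructed, and treating `/` as the separator between an archive and the file inside it is an assumption drawn from the log format.

```python
import re
import unicodedata
from collections import Counter

# Constructed sample in the report format shown above:
#   <path> -> <detection name> : <cleaning status>
# Non-ASCII letters are written as escapes so they stay visible in source.
SAMPLE_REPORT = "\n".join([
    r"C:\WINDOWS\system32\sysvx.exe -> Worm.Locksky.aj : Cleaned with backup",
    r"C:\WINDOWS\Temp\77A0.tmp -> Trojan.Agent.fs : Error during cleaning",
    r"C:\WINDOWS\Temp\b.com -> Dropper.Agent.pb : Error during cleaning",
    r"C:\Program Files\Yahoo!\YPSR\Quarantine\20051102015104.zip/Program Files/fla/Fla.dll"
    r" -> Adware.FlashEnhancer : Cleaned with backup",
    "C:\\WINDOWS\\\u041c\u0456crosoft\\n\u043etepad.exe -> Adware.PurityScan : Cleaned with backup",
    "::Report End",
])

# Greedy path group: the last " -> " on the line separates path from detection.
ENTRY = re.compile(r"^(?P<path>.+) -> (?P<name>\S+) : (?P<status>.+)$")


def parse_report(text):
    """Return one dict per detection line; headers and footers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines, "::Report End", anything not a detection
        path = m["path"]
        # Assumption: Windows paths use "\", so the first "/" marks the
        # boundary between a container (zip, installer) and its member.
        container, _, member = path.partition("/")
        entries.append({
            "path": path,
            "container": container,
            "member": member or None,
            "name": m["name"],
            "category": m["name"].split(".")[0],  # Trojan, Downloader, ...
            "status": m["status"],
            "cleaned": m["status"].lower().startswith("cleaned"),
        })
    return entries


def scripts_in(component):
    """Set of Unicode script prefixes (LATIN, CYRILLIC, ...) used by letters."""
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in component
        if ch.isalpha()
    }


def mixed_script_components(path):
    """Path components whose letters come from more than one alphabet."""
    return [c for c in re.split(r"[\\/]", path) if len(scripts_in(c)) > 1]


def triage(entries):
    """Summarise what still needs manual attention after the scan."""
    failed = [e for e in entries if not e["cleaned"]]
    return {
        "categories": Counter(e["category"] for e in entries),
        "failed": failed,
        # Directory of the on-disk file, to show where failures cluster.
        "failed_by_dir": Counter(
            e["container"].rsplit("\\", 1)[0] for e in failed
        ),
        "lookalike_paths": [
            e["path"] for e in entries if mixed_script_components(e["path"])
        ],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("Detections by category:", dict(result["categories"]))
    print("Not cleaned (recheck after a Safe Mode scan):")
    for e in result["failed"]:
        print("  ", e["path"], "|", e["name"], "|", e["status"])
    print("Failures by directory:", dict(result["failed_by_dir"]))
    print("Paths with mixed-alphabet names:")
    for p in result["lookalike_paths"]:
        # ascii() makes the non-Latin code points visible in the output.
        print("  ", ascii(p))
```

Run against the full report, the "Not cleaned" list is the set of files to compare with the next scan and with the running-process list of a fresh HijackThis log.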

#10 ken545

ken545

    Malware Response Team



Posted 31 March 2006 - 09:41 PM

utopist1,

Your computer is one of the most heavily infected systems that I have come across in a long time. You have so many viruses and trojans that I can't name them all. One of the reasons is that some of the ones you have are downloading other viruses while you are connected to the internet. What I need you to do is, except for downloading a program that I may need you to install and also for accessing this forum, stay off the internet, or as we remove things, more are downloaded and you will be wasting my time and your own.

Print this out as you will have to close your browser for most of the fix.

Open HJT > Misc Tools > Delete an NT Service

Enter both these services one at a time and click on OK.
cmdService
Windows Overlay Components


Close out the program


====================================================

Go to your Add-Remove programs in the Control Panel and uninstall these programs if present.

C:\Program Files\Internet Optimizer
C:\Program Files\webHancer
C:\Program Files\EQAdvice



======================================================


Open up Ewido, check for updates and close out the program.

Make sure that you still have Windows enabled to show all files and folders and reboot into Safe Mode. Make sure you do this in Safe Mode.

Run Ewido and let it remove everything it finds.


===========================================================



Still in Safe Mode, open HJT > Scan Only, make sure the only window you have open is HJT, check all these entries and click on Fix Checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\ttmia.exe
F2 - REG:system.ini: UserInit=userinit.exe,epsmkvc.exe
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad7.exe
O4 - HKLM\..\Run: [kvlakvgA] C:\WINDOWS\kvlakvgA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [ms0575387-8704] C:\WINDOWS\ms0575387-8704.exe
O4 - HKLM\..\Run: [sys0270475387-8] C:\WINDOWS\sys0270475387-8.exe
O4 - HKLM\..\Run: [sys10-870475387] C:\WINDOWS\sys10-870475387.exe
O4 - HKLM\..\Run: [win32097-87047538] C:\WINDOWS\win32097-87047538.exe
O4 - HKLM\..\Run: [w0063c50.dll] RUNDLL32.EXE w0063c50.dll,I2 0000387c00063c50
O4 - HKLM\..\Run: [wjlmizgA] C:\WINDOWS\wjlmizgA.exe
O4 - HKLM\..\Run: [w008cd5b.dll] RUNDLL32.EXE w008cd5b.dll,I2 0000387c0008cd5b
O4 - HKLM\..\Run: [newname] c:\windows\newname7.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms030475387-87] C:\WINDOWS\ms030475387-87.exe
O4 - HKLM\..\Run: [CQ4d6] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\Run: [{D9-99-98-85-ZN}] c:\windows\system32\qodsregq.exe CORN001
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - Startup: Z_Start.lnk = C:\ZICORN001.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINDOWS\System32\OUGHYA~1.DLL
O21 - SSODL: Agere Systems Soft Modem - {3C06DEF6-36D5-509D-AD63-F010FD604338} - \winqvjcbh6.dll (file missing)
O23 - Service: csrss - Unknown owner - C:\WINDOWS\cfrss.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kvlakvg.exe (file missing)



===========================================================


Still in Safe Mode, delete all these files and folders:

C:\ZICORN001.exe

C:\WINDOWS\IA
C:\WINDOWS\cfrss.exe
C:\windows\mousepad6.exe
C:\WINDOWS\kvlakvgA.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\ms0575387-8704.exe
C:\WINDOWS\sys10-870475387.exe
C:\WINDOWS\win32097-87047538.exe
C:\WINDOWS\wjlmizgA.exe
C:\WINDOWS\ms030475387-87.exe
c:\windows\keyboard7.exe
C:\WINDOWS\ms0575387-8704.exe
C:\WINDOWS\sys0270475387-8.exe
C:\WINDOWS\sys10-870475387.exe
C:\WINDOWS\win32097-87047538.exe
c:\windows\newname7.exe
C:\WINDOWS\SYSC00.exe

C:\WINDOWS\System32\dmonwv.dll
C:\WINDOWS\System32\slk8x2peu.exe
C:\WINDOWS\System32\e6tw76cpw.exe
c:\windows\system32\qodsregq.exe
C:\WINDOWS\System32\swinprag.exe
C:\WINDOWS\System32\ttmia.exe

C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Common Files\VCClient\VCClient.exe

C:\Program Files\Internet Optimizer
C:\Program Files\webHancer
C:\Program Files\EQAdvice


Reboot normally


Run CCleaner again including the Issues Scan


===========================================================

Download the trial version of Spy Sweeper from Here

Scroll to the bottom of the page and be sure to download and install the Free 4.5 Trial and not the free online scan.

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C.
Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

Post back with the Ewido report, the Spy Sweeper report and a new HJT log.



#11 utopist1

utopist1
  • Topic Starter


Posted 02 April 2006 - 11:39 AM

Ken, here goes - Spy Sweeper, ewido and HJT - most likely in a few posts. Thanks, Utopist1

********
4:02 AM: | Start of Session, Sunday, April 02, 2006 |
4:02 AM: Spy Sweeper started
4:02 AM: Sweep initiated using definitions version 646
4:02 AM: Found Adware: bravesentry
4:02 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\windows\currentversion\run\ || bravesentry (ID = 1210803)
4:02 AM: BraveSentry.exe (ID = 1210803)
4:02 AM: Found Trojan Horse: trojan-backdoor-securemulti
4:02 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\windows\currentversion\run\ || taskdir (ID = 1220571)
4:02 AM: taskdir.exe (ID = 1220571)
4:02 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\microsoft\windows\currentversion\run\ || bravesentry (ID = 1210803)
4:02 AM: BraveSentry.exe (ID = 1210803)
4:02 AM: Starting Memory Sweep
4:03 AM: Found Adware: clkoptimizer
4:03 AM: Detected running threat: C:\WINDOWS\system32\jrueryn.dll (ID = 268933)
4:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:03 AM: Detected running threat: C:\WINDOWS\system32\dkueaq.exe (ID = 268995)
4:03 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || dcyvao (ID = 0)
4:03 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\Software\Microsoft\Windows\CurrentVersion\Run || yygwb (ID = 0)
4:03 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\Microsoft\Windows\CurrentVersion\Run || yygwb (ID = 0)
4:03 AM: Detected running threat: C:\WINDOWS\system32\ttmia.exe (ID = 268934)
4:03 AM: Detected running threat: C:\WINDOWS\system32\ttmia.exe (ID = 268934)
4:03 AM: Detected running threat: C:\WINDOWS\system32\ttmia.exe (ID = 268934)
4:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:06 AM: Detected running threat: C:\Program Files\BraveSentry\BraveSentry.exe (ID = 266906)
4:06 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\Software\Microsoft\Windows\CurrentVersion\Run || BraveSentry (ID = 0)
4:06 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\Microsoft\Windows\CurrentVersion\Run || BraveSentry (ID = 0)
4:06 AM: Detected running threat: C:\Program Files\BraveSentry\BraveSentry0.dll (ID = 259284)
4:06 AM: Detected running threat: C:\Program Files\BraveSentry\BraveSentry1.dll (ID = 259286)
4:06 AM: Detected running threat: C:\Program Files\BraveSentry\BraveSentry2.dll (ID = 259288)
4:06 AM: Detected running threat: C:\Program Files\BraveSentry\BraveSentry3.dll (ID = 259289)
4:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:07 AM: Memory Sweep Complete, Elapsed Time: 00:05:34
4:07 AM: Starting Registry Sweep
4:08 AM: Found Adware: surfsidekick
4:08 AM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (1 subtraces) (ID = 143389)
4:08 AM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (1 subtraces) (ID = 143392)
4:08 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
4:08 AM: Found Trojan Horse: trojan-backdoor-msdcom32
4:08 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {2c1cd3d7-86ac-4068-93bc-a02304bb8c34} (ID = 510271)
4:08 AM: Found Adware: visfx
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
4:08 AM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
4:08 AM: Found Adware: targetsaver
4:08 AM: HKLM\software\wifi\ (12 subtraces) (ID = 775754)
4:08 AM: Found Adware: ieplugin
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\internet explorer toolbar - intelligent explorer\ (2 subtraces) (ID = 841077)
4:08 AM: HKLM\software\qstat\ || brr (ID = 877670)
4:08 AM: Found Adware: command
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)
4:08 AM: Found Adware: dollarrevenue
4:08 AM: HKLM\software\policies\ || {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (ID = 916803)
4:08 AM: Found Adware: enbrowser
4:08 AM: HKLM\software\system\sysold\ (5 subtraces) (ID = 926808)
4:08 AM: Found Trojan Horse: trojan agent winlogonhook
4:08 AM: HKLM\software\microsoft\mssmgr\ (9 subtraces) (ID = 937101)
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || nomodify (ID = 958653)
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || noremove (ID = 958654)
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || norepair (ID = 958655)
4:08 AM: HKLM\software\policies\ || {6bf52a52-394a-11d3-b153-00c04f79faa6} (ID = 967836)
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\webnexus\ (2 subtraces) (ID = 1006191)
4:08 AM: HKLM\software\policies\ || {645ff040-5081-101b-9f08-00aa002f954e} (ID = 1036890)
4:08 AM: Found Adware: zquest
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\dh\ (2 subtraces) (ID = 1057035)
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}\ (7 subtraces) (ID = 1110756)
4:08 AM: HKLM\software\microsoft\drsmartload2\ (1 subtraces) (ID = 1134137)
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || uninstallstring (ID = 1134952)
4:08 AM: Found Adware: quicklink search toolbar
4:08 AM: HKCR\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180460)
4:08 AM: HKCR\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180464)
4:08 AM: HKCR\fseytdc.yvakt\ (3 subtraces) (ID = 1180468)
4:08 AM: HKCR\fseytdc.yvakt.1\ (3 subtraces) (ID = 1180472)
4:08 AM: HKLM\software\classes\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180510)
4:08 AM: HKLM\software\classes\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180514)
4:08 AM: HKLM\software\classes\fseytdc.yvakt\ (3 subtraces) (ID = 1180518)
4:08 AM: HKLM\software\classes\fseytdc.yvakt.1\ (3 subtraces) (ID = 1180522)
4:08 AM: Found Adware: fullcontext
4:08 AM: HKCR\clsid\{994d478a-45d0-4db4-ae77-288b1e346e99}\ (1 subtraces) (ID = 1190252)
4:08 AM: HKCR\typelib\{1b8b502e-455b-4022-be77-fb6d9f808a18}\ (9 subtraces) (ID = 1190257)
4:08 AM: HKLM\software\classes\clsid\{994d478a-45d0-4db4-ae77-288b1e346e99}\ (1 subtraces) (ID = 1190291)
4:08 AM: HKLM\software\classes\typelib\{1b8b502e-455b-4022-be77-fb6d9f808a18}\ (9 subtraces) (ID = 1190296)
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\bravesentry\ (5 subtraces) (ID = 1198509)
4:08 AM: HKCR\typelib\{3a76a523-4fbc-487c-a94f-a94ea80e48ef}\ (9 subtraces) (ID = 1198901)
4:08 AM: HKLM\software\oj1vshp3a\ (2 subtraces) (ID = 1198933)
4:08 AM: HKLM\software\classes\typelib\{3a76a523-4fbc-487c-a94f-a94ea80e48ef}\ (9 subtraces) (ID = 1198962)
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\jgaf\ (2 subtraces) (ID = 1198973)
4:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\jgaf\ || uninstallstring (ID = 1199465)
4:08 AM: HKCR\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212644)
4:08 AM: HKLM\software\classes\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212651)
4:08 AM: Found Adware: ezula ilookup
4:08 AM: HKCR\da.bomb\ (5 subtraces) (ID = 1221354)
4:08 AM: HKCR\da.bomb.1\ (3 subtraces) (ID = 1221359)
4:08 AM: HKCR\onone.theimp\ (5 subtraces) (ID = 1221362)
4:08 AM: HKCR\onone.theimp.1\ (3 subtraces) (ID = 1221367)
4:08 AM: HKCR\clsid\{23fb5add-da37-4a40-9fc0-b0e2384cde92}\ (11 subtraces) (ID = 1221402)
4:08 AM: HKCR\clsid\{ed5d884b-1a35-482e-bea1-dd52f75b6138}\ (11 subtraces) (ID = 1221449)
4:08 AM: HKLM\software\classes\da.bomb\ (5 subtraces) (ID = 1221507)
4:08 AM: HKLM\software\classes\da.bomb.1\ (3 subtraces) (ID = 1221512)
4:08 AM: HKLM\software\classes\onone.theimp\ (5 subtraces) (ID = 1221515)
4:08 AM: HKLM\software\classes\onone.theimp.1\ (3 subtraces) (ID = 1221523)
4:08 AM: HKLM\software\classes\clsid\{23fb5add-da37-4a40-9fc0-b0e2384cde92}\ (11 subtraces) (ID = 1221558)
4:08 AM: HKLM\software\classes\clsid\{ed5d884b-1a35-482e-bea1-dd52f75b6138}\ (11 subtraces) (ID = 1221605)
4:08 AM: Found Adware: coolwebsearch (cws)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\internet explorer\keywords\ (23 subtraces) (ID = 109820)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\windows\currentversion\run\ || xp_system (ID = 112421)
4:08 AM: Found Adware: findthewebsiteyouneed hijack
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\internet explorer\main\ || search page (ID = 125238)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\surfsidekick3\ (2 subtraces) (ID = 143412)
4:08 AM: Found Adware: 180search assistant/zango
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\zango\ (14 subtraces) (ID = 147919)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\system\sysuid\ (1 subtraces) (ID = 731748)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
4:08 AM: Found Trojan Horse: trojan-backdoor-satellite
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\windows nt\currentversion\windows\ || run (ID = 1062376)
4:08 AM: Found Adware: bravesentry fakealert
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\windows\currentversion\run\ || windows update loader (ID = 1198438)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\bravesentry\ (12 subtraces) (ID = 1198479)
4:08 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\software\microsoft\windows\currentversion\run\ || bravesentry (ID = 1199973)
4:08 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\microsoft\internet explorer\sites\ (10 subtraces) (ID = 109822)
4:08 AM: Found Adware: cws-aboutblank
4:08 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
4:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:08 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
4:08 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\system\sysuid\ (1 subtraces) (ID = 731748)
4:08 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\wifi\ (4 subtraces) (ID = 775744)
4:08 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\eqadvice\ (8 subtraces) (ID = 1190273)
4:08 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\fcadvice\ (3 subtraces) (ID = 1190282)
4:08 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\bravesentry\ (13 subtraces) (ID = 1198479)
4:08 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\software\microsoft\windows\currentversion\run\ || bravesentry (ID = 1199973)
4:08 AM: HKU\S-1-5-18\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
4:08 AM: Registry Sweep Complete, Elapsed Time:00:00:57
4:08 AM: Starting Cookie Sweep
4:08 AM: Found Spy Cookie: atlas dmt cookie
4:08 AM: owner@atdmt[1].txt (ID = 2253)
4:08 AM: Found Spy Cookie: atwola cookie
4:08 AM: owner@atwola[1].txt (ID = 2255)
4:08 AM: Found Spy Cookie: dealtime cookie
4:08 AM: system@dealtime[2].txt (ID = 2505)
4:08 AM: system@stat.dealtime[1].txt (ID = 2506)
4:08 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:08 AM: Starting File Sweep
4:09 AM: Found Adware: directrevenue-abetterinternet
4:09 AM: c:\windows\inst (2 subtraces) (ID = -2147480086)
4:09 AM: Found Trojan Horse: 2nd-thought
4:09 AM: c:\windows\bundles (60 subtraces) (ID = -2147481535)
4:09 AM: c:\program files\fcadvice (2 subtraces) (ID = -2147454475)
4:09 AM: c:\program files\common files\vcclient (7 subtraces) (ID = -2147461290)
4:09 AM: c:\program files\bravesentry (9 subtraces) (ID = -2147454218)
4:09 AM: c:\documents and settings\megan.your-rtmejesvbc\start menu\programs\bravesentry (2 subtraces) (ID = -2147453976)
4:09 AM: Found Trojan Horse: trojan downloader matcash
4:09 AM: c:\program files\common files\inetget (ID = -2147477182)
4:09 AM: c:\program files\network monitor (ID = -2147459771)
4:09 AM: Found Adware: winad
4:09 AM: c:\program files\mediagateway (ID = -2147463340)
4:09 AM: c:\documents and settings\owner\start menu\programs\bravesentry (2 subtraces) (ID = -2147453976)
4:09 AM: Found Adware: winantispyware 2005
4:09 AM: c:\program files\common files\winsoftware (ID = -2147476682)
4:09 AM: Found Adware: delfin
4:09 AM: c:\documents and settings\all users\application data\vidctrl (1 subtraces) (ID = -2147477475)
4:09 AM: Found Adware: broadcastpc
4:09 AM: c:\program files\bpt (1 subtraces) (ID = -2147481334)
4:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:10 AM: drsmartload1.exe (ID = 245972)
4:10 AM: jrueryn.dll (ID = 268933)
4:10 AM: drsmartload46a.exe (ID = 274033)
4:11 AM: nsc1e.dll (ID = 273239)
4:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:11 AM: jikhm.dat (ID = 268995)
4:11 AM: runner.dll (ID = 257233)
4:11 AM: 315502.exe (ID = 268824)
4:11 AM: Found Trojan Horse: trojan-downloader-asdbiz.biz
4:11 AM: vx1.game (ID = 80237)
4:12 AM: repairs303169563.dll (ID = 271832)
4:12 AM: dr140306.exe (ID = 267188)
4:12 AM: dhu.exe (ID = 269844)
4:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:12 AM: pf78.exe (ID = 244430)
4:12 AM: sk02.exe (ID = 273586)
4:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:13 AM: 3p2.exe (ID = 78225)
4:13 AM: pf78bb.exe (ID = 274009)
4:13 AM: vxt4.game (ID = 80237)
4:13 AM: vxgame4.exe (ID = 80237)
4:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:15 AM: Found Adware: ist yoursitebar
4:15 AM: ysbactivex.dll (ID = 112243)
4:15 AM: 328520.exe (ID = 274032)
4:15 AM: pf78ba.exe (ID = 268846)
4:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:16 AM: Found Adware: daosearch
4:16 AM: 37884124.txt (ID = 57424)
4:16 AM: Found Adware: clearsearch
4:16 AM: 52709528.txt (ID = 52532)
4:16 AM: 64983520.bin (ID = 52544)
4:16 AM: 8554277.txt (ID = 52519)
4:16 AM: 42418240.bin (ID = 57421)
4:16 AM: bpt_c.exe (ID = 51835)
4:16 AM: Found Adware: flashtrack
4:16 AM: flenclean.exe (ID = 61079)
4:17 AM: tpuninstall.exe (ID = 209217)
4:17 AM: Found Adware: maxifiles
4:17 AM: autoit3.exe (ID = 185254)
4:17 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:17 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:17 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:17 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:18 AM: unwn.exe (ID = 268798)
4:18 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:18 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:18 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:18 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:18 AM: bk.exe (ID = 269148)
4:19 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:19 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:19 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:19 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:20 AM: vx6.game (ID = 80237)
4:21 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:21 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:21 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:21 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:22 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:22 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:22 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:22 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:23 AM: Found Adware: redvpopup
4:23 AM: tarball.wav (ID = 73686)
4:23 AM: ss1001.exe (ID = 216718)
4:23 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:23 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:23 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:23 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:25 AM: Found Adware: look2me
4:25 AM: p64u0gh9e64.dll (ID = 159)
4:25 AM: teemeui.dll (ID = 159)
4:26 AM: mvpol9731.dll (ID = 159)
4:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:27 AM: Found Adware: neededware
4:27 AM: epxactivex.ocx (ID = 70648)
4:27 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:27 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:27 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:27 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:28 AM: qvxt2.game (ID = 80237)
4:28 AM: qvxt3.game (ID = 80237)
4:28 AM: t3qvvodd.dll (ID = 52466)
4:28 AM: csuninst.dll (ID = 52455)
4:28 AM: e590zm15.dll (ID = 52455)
4:28 AM: maxf7p70.dll (ID = 52813)
4:29 AM: yhie1n7k.dll (ID = 52456)
4:29 AM: ezstub_ropwo.exe (ID = 60541)
4:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:29 AM: dk7vk1pj.dll (ID = 52740)
4:29 AM: 43q19tkh.dll (ID = 52687)
4:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:31 AM: Found Adware: tinkopal
4:31 AM: tinko_vcm.exe (ID = 122930)
4:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:33 AM: tagasaurus.exe (ID = 244271)
4:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:35 AM: vcupdate.exe (ID = 212831)
4:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:36 AM: ao0i4m.knr (ID = 208796)
4:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:39 AM: vcupdate.exe.config (ID = 212361)
4:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:41 AM: atmtd.dll._ (ID = 166754)
4:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:44 AM: uninstall_nmon.vbs (ID = 231442)
4:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:45 AM: 34801415.dat (ID = 52539)
4:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:47 AM: 44413650.dat (ID = 52529)
4:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:48 AM: epsmkvc.exe (ID = 268932)
4:48 AM: ttmia.exe (ID = 268934)
4:48 AM: dkueaq.exe (ID = 268995)
4:48 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || dcyvao (ID = 0)
4:48 AM: HKU\WRSS_Profile_S-1-5-21-3129800862-1678232068-687263820-1008\Software\Microsoft\Windows\CurrentVersion\Run || yygwb (ID = 0)
4:48 AM: HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\Microsoft\Windows\CurrentVersion\Run || yygwb (ID = 0)
4:48 AM: vshfg.exe (ID = 268995)
4:48 AM: ieunst.exe (ID = 150042)
4:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:49 AM: win32097-87047538.exe (ID = 270029)
4:49 AM: keyboard6.exe (ID = 272212)
4:49 AM: cv3wanv28.exe (ID = 259982)
4:49 AM: Found Adware: security iguard
4:49 AM: security iguard.lnk (ID = 75262)
4:49 AM: uwfx6_0001_n69m0903netinstaller.exe (ID = 266635)
4:50 AM: sskknwrd.dll (ID = 77733)
4:50 AM: sys10-870475387.exe (ID = 270029)
4:50 AM: atmtd.dll (ID = 166754)
4:50 AM: mksawrtal.amf (ID = 208796)
4:50 AM: 1.qtdfmp (ID = 80237)
4:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 AM: Found Adware: zenosearchassistant
4:54 AM: msnav32.ax (ID = 220229)
4:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:54 AM: 39204035.bin (ID = 52512)
4:54 AM: 66583480.dat (ID = 57422)
4:54 AM: 76564784.bin (ID = 52531)
4:54 AM: 72019938.bin (ID = 52517)
4:54 AM: 86967872.dat (ID = 52523)
4:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:56 AM: 9725079.bin (ID = 52536)
4:56 AM: 26823680.bin (ID = 52520)
4:56 AM: 81882648.dat (ID = 57426)
4:56 AM: 72301342.dat (ID = 57423)
4:56 AM: 68321680.txt (ID = 52541)
4:56 AM: osd1e.osd (ID = 70665)
4:56 AM: clientupdater.bat (ID = 212353)
4:56 AM: vcclient.exe.config (ID = 212358)
4:56 AM: ppq163.tmp (ID = 83222)
4:56 AM: Found Trojan Horse: trojan-backdoor-nochod
4:56 AM: csrss.lnk (ID = 258761)
4:56 AM: ke.vbs (ID = 185675)
4:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:58 AM: Warning: Invalid file - not a PKZip file
4:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:58 AM: Warning: Invalid file - not a PKZip file
4:58 AM: Warning: Invalid Stream
4:58 AM: Warning: Invalid Stream
4:58 AM: Warning: Invalid Stream
4:58 AM: Warning: Invalid Stream
4:58 AM: Warning: Invalid Stream
4:58 AM: Warning: Invalid Stream
4:58 AM: Warning: Invalid Stream
4:58 AM: Warning: Invalid Stream
4:58 AM: Warning: Invalid Stream
4:58 AM: Warning: Invalid Stream
4:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:12 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:12 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:34 AM: Warning: Invalid Stream
5:34 AM

#12 utopist1

Posted 02 April 2006 - 11:42 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:34:51 AM, on 4/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\protect.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\InterMute\IMStart.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409/xm...dir.asp?Ext=fla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\ttmia.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,epsmkvc.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [w04a6634.dll] RUNDLL32.EXE w04a6634.dll,I2 0000387c004a6634
O4 - HKLM\..\Run: [w00106b2.dll] RUNDLL32.EXE w00106b2.dll,I2 0000387c000106b2
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [w001d3f4.dll] RUNDLL32.EXE w001d3f4.dll,I2 0000387c0001d3f4
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .MID: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\p64u0gh9e64.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\db8vb.dll (file missing)
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Windows XP Firewall SP3 - Unknown owner - C:\WINDOWS\protect.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:24:52 AM, 4/2/2006
+ Report-Checksum: 129D310A

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3129800862-1678232068-687263820-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
[592] C:\WINDOWS\system32\obbc16gt.dll -> Adware.Look2Me : Error during cleaning
[728] C:\WINDOWS\system32\obbc16gt.dll -> Adware.Look2Me : Error during cleaning
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ztrb52cu.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\IA\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup
C:\WINDOWS\pf79.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup
C:\WINDOWS\system32\jikhm.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32\mpvcp70.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\qodsregq.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\swinprag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\u2rulc991f.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\wjlmizg.exe -> Hijacker.VB.ij : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End

#13 ken545

Malware Response Team

Posted 02 April 2006 - 12:01 PM

utopist1,

We're making progress but still have a few things to do. I need to go over your log and the scan results and will be back to you later today.

Ken



#14 ken545

Malware Response Team

Posted 02 April 2006 - 03:13 PM

utopist1,



Download CWShredder to your desktop, check for updates and run the tool, letting it remove all it finds.



Download Pocket Killbox

* Open Pocket Killbox
* Copy and paste this entire path into Full Path of File to delete
* Set it to Delete on Reboot
* Tick the box that says End Explorer shell while killing file
* Click on the Red circle with the white X
* It will ask you to confirm the deletion...Say yes
* It will ask you to reboot, say yes


Highlight all the files in the quote box and copy them by pressing on Ctrl C and then paste them into Killbox in FULL PATH OF FILE TO DELETE by going to File > Paste from Clipboard

C:\WINDOWS\system32\db8vb.dll
C:\WINDOWS\system32\dkueaq.exe
C:\WINDOWS\system32\jrueryn.dll
C:\WINDOWS\system32\obbc16gt.dll
C:\WINDOWS\system32\p64u0gh9e64.dll
C:\WINDOWS\system32\ttmia.exe








Boot into Safe Mode and remove these entries with HJT

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\ttmia.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,epsmkvc.exe
O4 - HKLM\..\Run: [w04a6634.dll] RUNDLL32.EXE w04a6634.dll,I2 0000387c004a6634
O4 - HKLM\..\Run: [w001d3f4.dll] RUNDLL32.EXE w001d3f4.dll,I2 0000387c0001d3f4
O4 - HKLM\..\Run: [w001d3f4.dll] RUNDLL32.EXE w001d3f4.dll,I2 0000387c0001d3f4
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\p64u0gh9e64.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\db8vb.dll (file missing)
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)




While in Safe Mode, look for and delete these files and folders if present.

C:\Program Files\BraveSentry
c:\program files\mediagateway
C:\Program Files\Internet Optimizer
C:\Program Files\NewDotNet
C:\Program Files\Network Monitor

These you will have to look for, they could be in either C:\windows or C:\windows\system32

epsmkvc.exe
w04a6634.dll
w00106b2.dll
w001d3f4.dll
winetn32.dll



Reboot normally


Open up HJT > Misc Tools > Uninstall Manager > and click on Save List and post the entire list into this thread, along with a new HJT log.


Ken

Edited by ken545, 02 April 2006 - 03:45 PM.



#15 utopist1

Topic Starter

Posted 02 April 2006 - 10:18 PM

Ken,

2Wire Wireless Client
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
CC_ccStart
ccCommon
CCleaner (remove only)
Collab
Compaq Connections
Compaq Instant Support
Compaq Organize
DirectX Hotfix - KB825116
ewido anti-malware
FL Studio 6
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
Internet Explorer Q828750
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
KBD
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
MDM Zinc v2.5 Trial
Microsoft .NET Framework 1.1
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
MSN
MSN Messenger 7.5
MSN Toolbar
MSRedist
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Outlook Express Update Q330994
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
Quicklinks
QuickTime
RealOne Player
RecordNow!
SBC Yahoo! Applications
SBC Yahoo! DSL Home Networking Installer
Sonic Update Manager
Spy Sweeper
Spyware Doctor 3.5
SymNet
Windows Installer 3.0 (KB884016)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB821431
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q811789
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817357
Yahoo! Install Manager
Yazzle Sudoku by OIN

Logfile of HijackThis v1.99.1
Scan saved at 10:15:55 PM, on 4/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\protect.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\notepad.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409/xm...dir.asp?Ext=fla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [w000f721.dll] RUNDLL32.EXE w000f721.dll,I2 0000387c0000f721
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .MID: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft Windows XP Firewall SP3 - Unknown owner - C:\WINDOWS\protect.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
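
A way to check a follow-up HijackThis log against the fix list from the previous post, written here as an added example (it is not part of the thread and not HijackThis code). The function names and the hex-run masking rule are assumptions; the sample lines are copied from posts #14 and #15. It reports entries that survived unchanged, plus follow-up entries that differ from a fixed one only in their hex-looking runs, which are candidates for the helper's review rather than a verdict.

```python
import re

# HijackThis entry line: "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HEX_RUN = re.compile(r"[0-9a-f]{6,}")  # assumption: hex-looking runs in names/arguments

def parse_entries(text):
    """Return (section, detail) for each entry line; headers and paths are skipped."""
    found = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in found if m]

def exact_key(entry):
    return (entry[0], " ".join(entry[1].lower().split()))

def shape_key(entry):
    section, detail = exact_key(entry)
    return (section, HEX_RUN.sub("#", detail))

def verify_fix(fix_list, followup_log):
    """Compare the entries a helper asked to fix against the next log.

    Returns (still_present, same_shape): entries that survived unchanged, and
    follow-up entries that differ from a fixed one only in their hex runs.
    """
    fixed = parse_entries(fix_list)
    exact = {exact_key(e) for e in fixed}
    shapes = {shape_key(e) for e in fixed}
    still_present, same_shape = [], []
    for entry in parse_entries(followup_log):
        if exact_key(entry) in exact:
            still_present.append(entry)
        elif shape_key(entry) in shapes:
            same_shape.append(entry)
    return still_present, same_shape

# Two entries from the fix list in post #14.
FIX_LIST = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,epsmkvc.exe
O4 - HKLM\..\Run: [w04a6634.dll] RUNDLL32.EXE w04a6634.dll,I2 0000387c004a6634
"""
# Excerpt of the follow-up log in post #15.
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [w000f721.dll] RUNDLL32.EXE w000f721.dll,I2 0000387c0000f721
"""

if __name__ == "__main__":
    still_present, same_shape = verify_fix(FIX_LIST, FOLLOWUP)
    print("still present:", still_present)
    print("same shape, new name:", same_shape)
```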