Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Command Service


  • This topic is locked This topic is locked
11 replies to this topic

#1 Romine

Romine

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 31 March 2006 - 03:24 AM

Logfile of HijackThis v1.99.1
Scan saved at 3:21:12 AM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\TWF0dCBCcmF5\command.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Qhzuqu\Qrtf.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\mousepad6.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\win3208264-2070907.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zdcuvmaA.exe
C:\WINDOWS\errorhandler.exe
E:\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\ffor\fform.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\DOCUME~1\Matt\LOCALS~1\Temp\cinfo.exe
C:\PROGRA~1\COMMON~1\ffor\ffora.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\FCAdvice\FCAdvice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\nhuor.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xcbrcvv.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win3208264-2070907] C:\WINDOWS\win3208264-2070907.exe
O4 - HKLM\..\Run: [zdcuvmaA] C:\WINDOWS\zdcuvmaA.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ffor] C:\PROGRA~1\COMMON~1\ffor\fform.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125785333546
O16 - DPF: {D6983B6E-B13C-11D3-9B70-00A024969EF2} (ToolBand Class) - http://www.hispavista.com/barra20/IEHVBarra.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\hpj0231mg.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dCBCcmF5\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

As you can see under 023 I have something listed as Command Service... I probably have a few more spyware on there as well. Anyways, CS is keeping me from being able to access my task manager and I am getting annoying popups. I've tried everything to get rid of it and yet everytime I run HJT it is still there. Any help on this would be greatly appreciated. Thanks

BC AdBot (Login to Remove)

 


#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:03 PM

Posted 31 March 2006 - 06:52 AM

Hello and welcome aboard.. :thumbsup:

Lets get started.

==

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download Ewido Anti-Malware
  • Install Ewido Anti-malware
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

==

2. Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

4. Once in Safe Mode, Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido anti-malware.

==

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • In the Scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do itís job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of Ewido log that you saved along with a fresh HiJackThis log. :flowers:
Hi there, stranger!

#3 Romine

Romine
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 31 March 2006 - 05:16 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:11:37 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
F:\ewido anti-malware\ewidoctrl.exe
F:\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\zdcuvmaA.exe
C:\Program Files\QuickTime\qttask.exe
F:\Adobe\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\nhuor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\nhuor.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xcbrcvv.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll (file missing)
O4 - HKLM\..\Run: [zdcuvmaA] C:\WINDOWS\zdcuvmaA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [slods] C:\WINDOWS\system32\wxekrq.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: pfplx.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\lv4609hse.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dCBCcmF5\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for your help... I did what you asked me to do and as you can see command service is still there.. immediately upon restarting into normal mode I began recieving popups. Upon rebooting Ewido also is saying it has found a malicious program (Path C:\WINDOWS\system32) (infection: Downloader.Qoologic.bj) and when I hit clean it just gets caught in a loop of cleaning and coming back immediately. I'm getting pretty frustrated with this spyware, command service has been really tough to remove. On a positive note my task manager is now opening, so that is good. Thanks for your help, any more help would be greatly appreciated.

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:03 PM

Posted 31 March 2006 - 05:23 PM

Hi again.. Lets continue. :thumbsup: Can I see your Ewido log too?

==

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download delcmdservice (by Marckie), and save it to your Desktop.
  • Unzip the content to your Desktop (a folder named delcmdservice)
  • Double-click on the delcmdservice folder
  • Double-click on delreg.bat to launch the tool
  • When the tool has finished, please reboot your computer.
==

2. Please download Look2Me-Destroyer to your desktop.

Before continuing with the fix there is something you must do:
  • Click Start -> Run and type in: services.msc
  • Check that the following services are running and that their startup is set to automatic:
  • Seclogon, or Secondary logon service
  • Next your machine needs to be offline, manually disconnect the network cable if necessary.
  • Your antivirus, and every other security software MUST be disabled.
Now continue:
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Re-launch your Anti-virus/Firewall protection.
  • Re-connect back to the internet.
  • Please post the contents of C:\Look2Me-Destroyer.txt along with a fresh HiJackThis log. :flowers:
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

Edited by Rawe, 31 March 2006 - 05:23 PM.

Hi there, stranger!

#5 Romine

Romine
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 01 April 2006 - 02:20 AM

thanks for your help once again rawe! anyways here is my ewido log... I took out a HUGE part of it that was a bunch of random files in my username/complete folder (it wasn't posting with all that information).. so I hope the rest is what you needed

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:00:24 PM, 3/31/2006
+ Report-Checksum: A72E55FB

+ Scan result:

HKU\S-1-5-21-1417001333-492894223-725345543-1003\Software\Bundles -> Adware.SecondThought : Cleaned with backup
HKU\S-1-5-21-1417001333-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
[676] C:\WINDOWS\system32\MCOCOINS.dll -> Adware.Look2Me : Error during cleaning
[832] C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup
[992] C:\Program Files\FCAdvice\FCAdvice.exe -> Adware.CASClient : Cleaned with backup
C:\328520.exe -> Trojan.Small : Cleaned with backup
C:\counter.cab/counter.exe -> Dropper.Agent.az : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.518:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.610:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.612:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.613:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.652:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.653:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.655:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.699:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.704:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.705:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.744:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.748:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.756:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.757:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.758:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.759:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.760:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.761:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.762:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.769:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.782:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.783:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.784:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.787:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.796:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.797:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.802:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.804:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.805:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.812:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.821:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.822:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.824:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.827:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.828:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.847:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.859:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.877:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.878:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vjuvbsnn.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Matt\astr.exe -> Downloader.VB.na : Cleaned with backup
C:\Documents and Settings\Matt\Complete\ Games.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C
C:\Documents and Settings\Matt\Cookies\matt@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\!update.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Cookies\matt@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\E6A14.tmp/slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\E6A14.tmp/faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\f144437406.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\i17.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\i83.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\res82C.tmp -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\temp.fr0FA4\MediaAccC.dll -> Adware.WinAD : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\temp.fr0FA4\MediaAccK.exe -> Adware.WinAD : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\temp.fr46AC -> Adware.WinAD : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\temp.frC606\actalert.exe -> Downloader.Dyfuca.dp : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\uAB.tmp -> Adware.SurfSide : Cleaned with backup
C:\installerwnus.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\keyboard1.exe -> Downloader.VB.ys : Cleaned with backup
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup
C:\mousepad1.exe -> Hijacker.VB.li : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\ffor\ffora.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\ffor\fforl.exe -> Downloader.TSUpdate.p : Cleaned with backup
C:\Program Files\Common Files\ffor\fform.exe -> Downloader.TSUpdate.n : Cleaned with backup
C:\Program Files\Common Files\ffor\fforp.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\Program Files\FCAdvice\FCAdvice.dll -> Adware.CASClient : Cleaned with backup
C:\Program Files\FCAdvice\FCAdvice.exe -> Adware.CASClient : Cleaned with backup
C:\Program Files\KLchat VmIRC\sys\dialog1.ini -> Not-A-Virus.Flooder.IRC.Extreme.821 : Cleaned with backup
C:\Program Files\outlook\outlook.exe -> Worm.VB.dw : Cleaned with backup
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup
C:\Program Files\Qhzuqu\Qrtf.exe -> Trojan.Small.cy : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\stub.exe -> Dropper.Agent.hl : Cleaned with backup
C:\temp\ZCWEDowST3.exe -> Dropper.Agent.rs : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\876056.exe -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\bundles\HelperInstaller.exe -> Dropper.Delf.z : Cleaned with backup
C:\WINDOWS\bundles\SSK_B5.EXE -> Dropper.SurfSide.a : Cleaned with backup
C:\WINDOWS\bxxs5.dll_tobedeleted -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\itwrqiqa.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\keyboard6.exe -> Downloader.VB.zo : Cleaned with backup
C:\WINDOWS\mousepad6.exe -> Hijacker.VB.ly : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\nem220.dll_tobedeleted -> Downloader.Dyfuca : Cleaned with backup
C:\WINDOWS\newname6.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\WINDOWS\svchost.exe -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\system32\Cache\cxtpls_loader.exe -> Adware.Apropos : Cleaned with backup
C:\WINDOWS\system32\cusnd.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup
C:\WINDOWS\system32\expload.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\guard.tmp_tobedeleted -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\h62olgf3162.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\itmui.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pre1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\w9seq.dll -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\system32\WіnSxS\logonui.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\WINDOWS\system32\xlf.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\WINDOWS\tqp.exe -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\TWF0dCBCcmF5\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\TWF0dCBCcmF5\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup
C:\WINDOWS\win3208264-2070907.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\zdcuvma.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\Zyfseqry.dll -> Adware.BookedSpace : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End

#6 Romine

Romine
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 01 April 2006 - 02:22 AM

Hijack this log..
Logfile of HijackThis v1.99.1
Scan saved at 2:20:13 AM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
F:\ewido anti-malware\ewidoctrl.exe
F:\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\zdcuvmaA.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\nhuor.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xcbrcvv.exe
O4 - HKLM\..\Run: [zdcuvmaA] C:\WINDOWS\zdcuvmaA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [slods] C:\WINDOWS\system32\wxekrq.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

and then the look2me log, which btw locked up my computer each time instead of shutting it down... and one time I got the error "isactiveguard: RegOpenKeyEx failed 13 5"... if that is any help


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/1/2006 2:03:07 AM

Infected! C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332314.dll
Infected! C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332315.dll
Infected! C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332316.dll
Infected! C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332317.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332314.dll
C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332314.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332315.dll
C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332315.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332316.dll
C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332316.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332317.dll
C:\System Volume Information\_restore{1ECFA2E9-22E1-4303-8D11-794F3605A8AD}\RP995\A0332317.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#7 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:03 PM

Posted 01 April 2006 - 02:44 AM

Wow, some huge progress :thumbsup:

==

Please run a scan with HijackThis and check the following objects for removal:

O4 - HKLM\..\Run: [zdcuvmaA] C:\WINDOWS\zdcuvmaA.exe
O4 - HKCU\..\Run: [slods] C:\WINDOWS\system32\wxekrq.exe reg_run
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - AppInit_DLLs: Runner.dll


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Killqoo.reg to your desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\System32\\userinit.exe,xcbrcvv.exe"


Now double-click on the Killqoo.reg on your desktop and allow it to merge with registry by clicking YES on the prompt.

==

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • Select: Unregister .dll Before Deletion (you can actually check this box only after you have added the files for deletion.)
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\nhuor.exe
    C:\WINDOWS\zdcuvmaA.exe
    C:\WINDOWS\zdcuvma.exe
    C:\WINDOWS\System32\Runner.dll
    C:\WINDOWS\system32\wxekrq.exe
    C:\WINDOWS\system32\dmonwv.dll
    C:\WINDOWS\system32\w9seq.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==

Post back with a fresh HijackThis log. :flowers:

Edited by Rawe, 01 April 2006 - 02:45 AM.

Hi there, stranger!

#8 Romine

Romine
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 01 April 2006 - 11:36 AM

Thanks so much for following this through.. here is my new hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 11:35:21 AM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
F:\ewido anti-malware\ewidoctrl.exe
F:\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,xcbrcvv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#9 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:03 PM

Posted 01 April 2006 - 11:51 AM

Nice job! :thumbsup:

Please print these instructions out, or write them down, as you can't read them during the fix.

Please run a scan with HijackThis and check the following object for removal:

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,xcbrcvv.exe

Close ALL other open windows except for HijackThis and hit FIX CHECKED.

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Run a second scan with HijackThis this time check the same object for removal if present:

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,xcbrcvv.exe

Again, close out ALL other open windows except for HijackThis and hit FIX CHECKED.

==

Using Windows Search - function, search for the following file and delete if present:

xcbrcvv.exe

Empty Recycle bin.

==

Reboot normally and post back with a fresh HijackThis log and let me know how the system works now. :flowers:
Hi there, stranger!

#10 Romine

Romine
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 01 April 2006 - 04:07 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:05:33 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
F:\ewido anti-malware\ewidoctrl.exe
F:\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I'm not getting any popups at the moment, it looks like it may be fixed if you don't see anything else. I really appreciate the time you took out to help me.. you're a life saver. Is there anywhere you can direct me for tips to not get spyware again so I don't clutter up my computer again?

#11 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:03 PM

Posted 01 April 2006 - 04:13 PM

Yep.. Your log does look clean. :thumbsup:

Great job. Are you sure you have no problems at the moment?

If so, then some preventive tips..

==

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here's some tips for future to prevent spyware;

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)
Hi there, stranger!

#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:03 PM

Posted 02 April 2006 - 04:34 AM

Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread. :thumbsup:
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users