
Spyware Problem, Would Like Some Help Please, :)


  • This topic is locked
18 replies to this topic

#1 lbarber4

lbarber4

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:38 AM

Posted 17 June 2006 - 10:47 PM

Well, I'm not sure what else to do... I've done scans with Spyware Doctor, Ad-Aware SE Personal, Symantec AntiVirus, and Windows Defender. Also, I did a scan with Spybot Search and Destroy, but I have to buy the program to delete whatever files it had found. Anyways, I've managed to delete most of the Spyware Quake infection, but my antivirus is still picking up Adware.PurityScan, and I'm not sure how to delete it. I would like to know whether or not it would be safe to input any credit card information online, or look up bank account information. As suggested through this site, I downloaded HijackThis, and here's the log from it. Note: I've also done a Panda antivirus scan, so if you would like to see that, too, let me know. Any help would be appreciated! Thank you, :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 7:37:19 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MultiRes\MultiRes.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\TheBarberBunch\Local Settings\Application Data\c61b0ea6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\2\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [c61b0ea6.exe] C:\WINDOWS\system32\c61b0ea6.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [c61b0ea6.exe] C:\Documents and Settings\TheBarberBunch\Local Settings\Application Data\c61b0ea6.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148109851061
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\msconfig.dll C:\WINDOWS\system32\arpa.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:04:38 PM

Posted 18 June 2006 - 03:30 AM

Hello there, and welcome to BleepingComputer
Sorry for the delay in getting back to you.

At the moment I see a few infections in the log that need dealing with. I would also like to see the Panda scan when you reply with the new HijackThis log and ewido log I have requested later on. If I were in your shoes I wouldn't be worried about using my credit details online; from the log I don't really see anything capable of keylogging etc. However, you may have a rootkit (rare) which HijackThis is not showing, which may be capable of keylogging. Of course it is your decision; you might like to wait for a day or two until I give you the all clear and you can surf in the knowledge you won't get hacked.

*It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! :thumbsup:

Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist by double-clicking on the following entries:

SpywareBot <--this is a rogue antispyware program.

* Please download Ewido anti-malware; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar), you will be brought to a menu where you can choose to boot into safe mode.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

O4 - HKLM\..\Run: [c61b0ea6.exe] C:\WINDOWS\system32\c61b0ea6.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [c61b0ea6.exe] C:\Documents and Settings\TheBarberBunch\Local Settings\Application Data\c61b0ea6.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\msconfig.dll C:\WINDOWS\system32\arpa.dll


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\system32\c61b0ea6.exe
C:\Program Files\SpywareBot
C:\Documents and Settings\TheBarberBunch\Local Settings\Application Data\c61b0ea6.exe
C:\WINDOWS\system32\arpa.dll
C:\WINDOWS\system32\msconfig.dll

* Open Ewido anti-malware
Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

* Please reboot back to normal mode and post a new HijackThis log and the ewido log.
David
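
The HijackThis entries selected in the post above can also be triaged with a script. The following is an added example, not part of the original post or of any BleepingComputer tooling: it parses the O4 Run and O20 AppInit_DLLs lines of a HijackThis log and lists the ones that deserve a closer look. The heuristics, the `KNOWN_ROGUE` list (seeded only with the program named in this thread) and the function names `exe_path` and `triage` are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\TheBarberBunch\Local Settings\Application Data\c61b0ea6.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [c61b0ea6.exe] C:\WINDOWS\system32\c61b0ea6.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [c61b0ea6.exe] C:\Documents and Settings\TheBarberBunch\Local Settings\Application Data\c61b0ea6.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\msconfig.dll C:\WINDOWS\system32\arpa.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
HEXNAME_RE = re.compile(r"^[0-9a-f]{8}\.exe$", re.I)  # assumed heuristic: random-looking name
KNOWN_ROGUE = {"spywarebot"}  # assumption: only the rogue program named in this thread


def exe_path(cmd):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log):
    """Return [(log line, [reasons])] for autostart entries worth reviewing."""
    running, runs, findings = set(), [], []
    in_procs = False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        elif m := RUN_RE.match(line):
            runs.append((line, m["name"], exe_path(m["cmd"])))
        elif m := APPINIT_RE.match(line):
            dlls = re.split(r"[ ,]+", m["dlls"].strip())
            findings.append((line, [
                f"AppInit_DLLs loads {len(dlls)} DLL(s) into every process that loads user32.dll"
            ]))

    # Collect the folders each file name autostarts from, across HKLM and HKCU.
    dirs = defaultdict(set)
    for _, _, path in runs:
        dirs[ntpath.basename(path).lower()].add(ntpath.dirname(path).lower())

    for line, name, path in runs:
        base = ntpath.basename(path).lower()
        reasons = []
        if HEXNAME_RE.match(base):
            reasons.append("8-hex-digit file name")
        if "\\local settings\\application data\\" in path.lower():
            reasons.append("runs from a user profile's Application Data folder")
        if len(dirs[base]) > 1:
            reasons.append("same file name autostarts from several folders")
        if name.lower() in KNOWN_ROGUE:
            reasons.append("named as a rogue program in this thread")
        if reasons and path.lower() in running:
            reasons.append("currently running")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    -", reason)
```

A hit from this script is a prompt for review, not a verdict: legitimate software also uses AppInit_DLLs and per-user autostarts, so each flagged line still needs to be checked by someone who can read the whole log.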

#3 lbarber4

lbarber4
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:38 AM

Posted 18 June 2006 - 02:48 PM

Thanks for your help so far... Well, here are the logs as requested...

First one:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:26:19 AM, 6/18/2006
+ Report-Checksum: C3B29B34

+ Scan result:

[420] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Cleaned with backup
[472] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Error during cleaning
[484] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Error during cleaning
[644] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Error during cleaning
[720] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Error during cleaning
[828] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Error during cleaning
[928] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Error during cleaning
[980] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Error during cleaning
[1080] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Error during cleaning
[1360] C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Error during cleaning
:mozilla.20:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\fzfqmno1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Frank\Cookies\frank@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@homestore.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jennifer\Cookies\jennifer@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\TheBarberBunch\Cookies\thebarberbunch@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\TheBarberBunch\Cookies\thebarberbunch@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\TheBarberBunch\Cookies\thebarberbunch@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\TheBarberBunch\Cookies\thebarberbunch@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\TheBarberBunch\Cookies\thebarberbunch@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\TheBarberBunch\Cookies\thebarberbunch@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\RECYCLER\S-1-5-21-484763869-616249376-725345543-1004\Dc2.exe -> Adware.Trymedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-484763869-616249376-725345543-1004\Dc3.exe -> Adware.Trymedia : Cleaned with backup
C:\WINDOWS\system32\arpa.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned with backup
:mozilla.19:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.20:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.21:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.22:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.23:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.24:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.25:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.26:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.28:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.29:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.30:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.31:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.32:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.34:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.73:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.74:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.75:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.86:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.17:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.24:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.25:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.31:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.41:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.42:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.45:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.54:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.62:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.63:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.64:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.65:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.66:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.238:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.247:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.355:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.356:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.357:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.358:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.359:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.360:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.361:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.393:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.515:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-10.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.22:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.28:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.29:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.30:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.33:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.34:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.73:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.76:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.77:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.264:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.273:G:\Documents and Settings\The Barber Bunch\Application Data\Mozilla\Firefox\Profiles\0vjyj8ro.default\cookies-11.txt -> TrackingCookie.Pro-market : Cleaned with backup

#4 lbarber4

Posted 18 June 2006 - 02:50 PM

And the other two...

Logfile of HijackThis v1.99.1
Scan saved at 11:49:19 AM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\2\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148109851061
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

3rd one: Panda Antivirus scan from yesterday...


Incident Status Location

Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\c61b0ea6.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\arpa.dll
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\msconfig.dll
Dialer:dialer.avv Not disinfected c:\windows\downloaded program files\gdnUS2338.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\AAA\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\AAA\smitRem.exe[smitRem/Process.exe]
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\TheBarberBunch\Local Settings\Application Data\c61b0ea6.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\smitRem\Process.exe
Adware:Adware/Trymedia Not disinfected C:\RECYCLER\S-1-5-21-484763869-616249376-725345543-1004\Dc2.exe
Adware:Adware/Trymedia Not disinfected C:\RECYCLER\S-1-5-21-484763869-616249376-725345543-1004\Dc3.exe

#5 -David-

Posted 18 June 2006 - 02:57 PM

Hi again lbarber4.

*It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Go to start > run and type: regsvr32 /u occache.dll
(or copy and paste this in the field in start > run )
Click Ok

Please delete the following three files (if present):

C:\WINDOWS\system32\c61b0ea6.exe
C:\WINDOWS\system32\msconfig.dll
C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe

* Go to start > run and type regsvr32 occache.dll

* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste the following:

C:\WINDOWS\system32\arpa.dll

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes.

After reboot:
  • Open HijackThis
  • Click on Config
  • Click on Misc tools
  • Click on Generate start up log
  • Click the Yes button. A NotePad window will appear with a log.
  • Close HijackThis.
Copy and paste the contents of NotePad here in your reply, along with a new standard hijackthis log.

David

#6 lbarber4

lbarber4
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 18 June 2006 - 03:49 PM

Well, here is the start up log, and the new Hijackthis log... Again: Thank you for your help!

StartupList report, 6/18/2006, 12:46:46 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\2\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\2\HijackThis.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Logfile of HijackThis v1.99.1
Scan saved at 12:46:22 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\2\HijackThis.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148109851061
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Edited by lbarber4, 18 June 2006 - 03:51 PM.
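
Added example, not part of the original post and not HijackThis's own code: a small parser for the HijackThis log format shown above that groups entries by section code, lists the entries carrying HijackThis's own "(file missing)" or "Unknown owner" annotations, and compares a log with an earlier one. The function names and the extra `[example]` Run entry with its placeholder path are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:46:22 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Stand-in for an earlier scan: the same lines plus one CONSTRUCTED entry
# (placeholder name and path, not taken from the thread).
BEFORE_LOG = AFTER_LOG + r"O4 - HKLM\..\Run: [example] C:\EXAMPLE\placeholder.exe" + "\n"

# An entry line is a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Annotations HijackThis itself writes into an entry, as seen in the log above.
MARKERS = ("(file missing)", "Unknown owner")


def parse_log(text):
    """Split a log into header lines, running processes and entries by code."""
    header, processes = [], []
    entries = defaultdict(list)
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
            state = "entries"
        elif line.lower().startswith("running processes"):
            state = "processes"
        elif state == "processes":
            processes.append(line)
        elif state == "header":
            header.append(line)
    return {"header": header, "processes": processes, "entries": dict(entries)}


def annotated(entries):
    """Return (code, marker, entry) for entries that carry a HijackThis marker."""
    found = []
    for code, items in entries.items():
        for item in items:
            for marker in MARKERS:
                if marker in item:
                    found.append((code, marker, item))
    return found


def diff_entries(before, after):
    """Entries only in `before` (removed) and only in `after` (added).

    Comparison ignores case because Windows paths are case-insensitive.
    """
    def flat(parsed):
        return {(code, item.lower()): (code, item)
                for code, items in parsed["entries"].items() for item in items}

    old, new = flat(before), flat(after)
    removed = [old[key] for key in old if key not in new]
    added = [new[key] for key in new if key not in old]
    return removed, added


if __name__ == "__main__":
    current = parse_log(AFTER_LOG)
    for code, items in current["entries"].items():
        print(code, len(items))
    for code, marker, item in annotated(current["entries"]):
        print("annotated:", code, marker, "|", item)
    removed, added = diff_entries(parse_log(BEFORE_LOG), current)
    print("removed since earlier scan:", removed)
    print("added since earlier scan:", added)
```

An annotation only says what HijackThis could not resolve; it is a prompt to look at the entry, not a verdict on it.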


#7 -David-

Posted 18 June 2006 - 03:53 PM

Unfortunately I think you missed a bit of the startup list, can you please repost that bit please :thumbsup:
David

#8 lbarber4

Posted 18 June 2006 - 03:58 PM

oh, sorry about that, here it is...

StartupList report, 6/18/2006, 12:57:56 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\2\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\2\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MultiRes = C:\Program Files\MultiRes\MultiRes.exe
AtiPTA = atiptaxx.exe
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/...b?1148109851061

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Zintro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: *Registry key not found*
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7,782 bytes
Report generated in 0.094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#9 -David-

Posted 18 June 2006 - 04:00 PM

The logs are fine - I see a clean log.
How do you feel the computer is running?
David

#10 lbarber4

Posted 18 June 2006 - 04:07 PM

It's running pretty good, it started up much faster, and there doesn't seem to be any slow down... Do you think it's safe enough to check bank statements online now? Also, is there anything you recommend continuing to do on a daily, or weekly basis?

Edited by lbarber4, 18 June 2006 - 04:10 PM.


#11 -David-

Posted 18 June 2006 - 04:11 PM

Well, I will give you ultimate peace of mind if you like. Running the following two scans will let me know whether there are any files that are capable of keylogging on your computer. I understand your concern and it's not uncommon. If I were in your shoes I would be happy to check my bank details and be confident that I have a clean bill of health, however the following two scans will finalise that.
  • Please download and unzip Rootkit Revealer to your desktop.
  • Please leave the defaults set as they are to:
    • Hide NTFS Metadata Files: this option is on by default
    • Scan Registry: this option is on by default.
  • Launch Rootkit Revealer on the system and press the Scan button. RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time; please disconnect from the internet and leave the PC to be scanned until it is finished.
  • The log can be very large; please edit out the items in the following folders in the log: C:\RECYCLER\NPROTECT and C:\System Volume Information, if in the log, before posting it.
  • Please post the balance of the log here in this thread using Add Reply (please double check that it has all been posted as it may be too long for one post)
Then download and save Blacklight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
Leave [X] scan through windows explorer checked,
click > scan then > next,
You'll see a list of all items found.
Don't choose to rename yet! I want to see the log first, because legit items can also be present there... like "wbemtest.exe"
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Copy and paste this log along with the rootkit revealer log.

David

Edited by D-Trojanator, 18 June 2006 - 04:11 PM.


#12 lbarber4

Posted 18 June 2006 - 05:46 PM

I'll post the rootkit log again in a little bit

Edited by lbarber4, 18 June 2006 - 06:14 PM.


#13 lbarber4

Posted 18 June 2006 - 06:13 PM

Well, here you go... I also ran the blacklight test, but nothing was found... Also, by posting up my logs, is it possible that I may have posted valuable information that could be stolen by someone?

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/18/2006 1:17 PM 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\{C0D96A1B-4FCD-4054-A13F-4CAE4028CC3D} 6/18/2006 1:23 PM 3.04 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04040000 6/18/2006 1:23 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04040000.VBN 6/18/2006 1:23 PM 3.59 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04040000\4495C44E.VBN 6/18/2006 1:23 PM 12.11 KB Hidden from Windows API.
C:\Documents and Settings\TheBarberBunch\Local Settings\Temporary Internet Files\Content.IE5\1AZD157F\desktop.ini 6/18/2006 12:29 PM 67 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\TheBarberBunch\Local Settings\Temporary Internet Files\Content.IE5\1AZD157F\favicon[1].ico 6/18/2006 12:55 PM 318 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\TheBarberBunch\Local Settings\Temporary Internet Files\Content.IE5\CLMFOPIR\desktop.ini 6/18/2006 12:29 PM 67 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\TheBarberBunch\Local Settings\Temporary Internet Files\Content.IE5\SEVNTM8K\desktop.ini 6/18/2006 12:29 PM 67 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilDrv10615.sys 6/18/2006 1:21 PM 87.14 KB Hidden from Windows API.
C:\Program Files\Symantec AntiVirus\SAVRT\0165NAV~.TMP 6/18/2006 1:30 PM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP133\change.log 6/18/2006 1:14 PM 976 bytes Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP133\change.log.1 6/18/2006 1:22 PM 1.17 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP133\drivetable.txt 6/18/2006 1:23 PM 264 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134 6/18/2006 1:23 PM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\change.log 6/18/2006 1:23 PM 1.59 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\RestorePointSize 6/18/2006 1:23 PM 8 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\rp.log 6/18/2006 1:23 PM 536 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot 6/18/2006 1:23 PM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_MACHINE_SAM 6/18/2006 1:23 PM 24.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_MACHINE_SECURITY 6/18/2006 1:22 PM 44.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_MACHINE_SOFTWARE 6/18/2006 1:22 PM 18.89 MB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_MACHINE_SYSTEM 6/18/2006 1:23 PM 5.36 MB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_.DEFAULT 6/18/2006 1:22 PM 328.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18 6/12/2006 9:53 PM 256.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19 6/18/2006 1:22 PM 240.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20 6/18/2006 1:22 PM 240.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-484763869-616249376-725345543-1004 6/18/2006 1:22 PM 2.06 MB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-484763869-616249376-725345543-1006 6/18/2006 1:22 PM 556.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-484763869-616249376-725345543-1007 6/18/2006 1:22 PM 544.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19 6/18/2006 1:22 PM 12.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20 6/18/2006 1:22 PM 12.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-484763869-616249376-725345543-1004 6/18/2006 1:22 PM 12.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\ComDb.Dat 5/20/2006 9:09 PM 22.57 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\domain.txt 6/18/2006 1:23 PM 42 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository 6/18/2006 1:23 PM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository\$WinMgmt.CFG 6/18/2006 12:44 PM 20 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository\FS 6/18/2006 1:23 PM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository\FS\INDEX.BTR 6/18/2006 1:22 PM 1.22 MB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository\FS\INDEX.MAP 6/18/2006 1:22 PM 672 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository\FS\MAPPING.VER 6/18/2006 1:22 PM 4 bytes Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository\FS\MAPPING1.MAP 6/18/2006 1:22 PM 3.38 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository\FS\MAPPING2.MAP 6/18/2006 1:22 PM 3.38 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository\FS\OBJECTS.DATA 6/18/2006 1:22 PM 5.35 MB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\snapshot\Repository\FS\OBJECTS.MAP 6/18/2006 1:22 PM 2.73 KB Hidden from Windows API.

Edited by lbarber4, 19 June 2006 - 02:50 AM.
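
Added example, not part of the original posts and not a RootkitRevealer feature: the trimming step requested in post #11 (edit out items under C:\RECYCLER\NPROTECT and C:\System Volume Information before posting), followed by a count of the remaining discrepancy types. The sample rows are copied from the log above except the last one, which is constructed; the function names and the space-separated row layout (path, timestamp, size, finding, as the log appears in this thread) are assumptions.

```python
import re
from collections import Counter

# Folders post #11 asks to be edited out of the log before posting.
EXCLUDED_FOLDERS = (r"C:\RECYCLER\NPROTECT", r"C:\System Volume Information")

# Row layout as the log appears in this thread: path, timestamp, size, finding.
ROW_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB|GB))\s+"
    r"(?P<finding>.+)$"
)

# Rows copied from the log above; the final NPROTECT row is CONSTRUCTED.
SAMPLE_LOG = r"""HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/18/2006 1:17 PM 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\TheBarberBunch\Local Settings\Temporary Internet Files\Content.IE5\1AZD157F\desktop.ini 6/18/2006 12:29 PM 67 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilDrv10615.sys 6/18/2006 1:21 PM 87.14 KB Hidden from Windows API.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP133\change.log 6/18/2006 1:14 PM 976 bytes Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{52A3E7BC-9A5C-4138-854F-412CE972723A}\RP134\rp.log 6/18/2006 1:23 PM 536 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\EXAMPLE.DAT 6/18/2006 1:20 PM 1.00 KB Hidden from Windows API.
"""


def in_excluded_folder(line):
    """True if the row's path is one of the excluded folders or lies below it."""
    low = line.lower()
    for folder in EXCLUDED_FOLDERS:
        prefix = folder.lower()
        # Require a path boundary so a sibling such as "...Information2" is kept.
        if low.startswith(prefix) and low[len(prefix):len(prefix) + 1] in ("", "\\", " ", "\t"):
            return True
    return False


def filter_for_posting(text):
    """Return (rows to post, number of rows dropped)."""
    kept, dropped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_excluded_folder(line):
            dropped += 1
        else:
            kept.append(line)
    return kept, dropped


def summarize(rows):
    """Count rows per finding text; rows that do not parse are returned, not lost."""
    findings, unparsed = Counter(), []
    for row in rows:
        match = ROW_RE.match(row)
        if match:
            findings[match.group("finding")] += 1
        else:
            unparsed.append(row)
    return findings, unparsed


if __name__ == "__main__":
    kept, dropped = filter_for_posting(SAMPLE_LOG)
    print(f"dropped {dropped} rows, {len(kept)} left to post")
    findings, unparsed = summarize(kept)
    for finding, count in findings.most_common():
        print(count, finding)
    for row in unparsed:
        print("could not parse:", row)
```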


#14 -David-

Posted 19 June 2006 - 03:01 AM

Hi there lbarber4. :thumbsup:

These logs are fine - you are safe to browse the net and input your bank details. The latest log is looking clean!
Follow this list and your potential for being infected again will reduce dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer always has the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly.

Install Spybot© - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions just ask...
David

#15 lbarber4

Posted 21 June 2006 - 03:27 AM

David, I would like to personally thank you for all your help! :thumbsup: Computer is running much better now; the only thing that comes up through my antivirus scan is lsass.exe, but I've seen no slow down in system performance. If you think this may be a problem, please let me know if you can? I'm not sure whether or not it is dangerous, and Google search has yet to change that opinion. Again, thank you!