Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hjt Log - Torison


  • This topic is locked This topic is locked
13 replies to this topic

#1 Torison

Torison

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 05 July 2006 - 03:46 PM

hi guys,

could you please give me a hand with this ive been gettin galot of popups lately, regardless of which browser i use :thumbsup:

heres the log:
Logfile of HijackThis v1.99.1
Scan saved at 9:42:46 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\mgoc\PSCRIPT.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
c:\dfndrd_4.exe
C:\WINDOWS\S2BldmluIFdhcmQ\command.exe
c:\ac3_0010.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\{292316E7-04AE-2057-0326-030309040001}\Update.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\simtest\sysstall.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\K`evin Ward\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mapi mpeg] C:\DOCUME~1\K`EVIN~1\APPLIC~1\WAVEBA~1\DartBows.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PScript.lnk = C:\mgoc\PSCRIPT.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D9ED3A-E69D-4780-A102-20F9B42BB017}: NameServer = 62.241.162.200 62.241.163.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D9ED3A-E69D-4780-A102-20F9B42BB017}: NameServer = 62.241.162.200 62.241.163.201
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\mndtclog.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2BldmluIFdhcmQ\command.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

thanks loads in advance
torison

BC AdBot (Login to Remove)

 


m

#2 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 05 July 2006 - 09:11 PM

Hi,

Welcome to BleepingComputer. I will be more than happy to help you work on your problems.
Please give me some time to review your log as this can be a lengthy process. As soon as a BleepingComputer Staff Expert reviews my fix, I will post it for you.
In the mean time, if any problems occur. Please let me know.
Please only use this topic to reply to. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.
If youíre unsure of anything at all please stop and ask!
agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 06 July 2006 - 12:10 AM

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!
agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#4 Torison

Torison
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 08 July 2006 - 10:25 AM

Hi there, thanks for the help, heres the combofix log:

Start Time= Sat 07/08/2006 16:17:40.65
Running from: C:\Program Files\Mozilla Firefox

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{9AAC65BC-DE1E-422F-9580-92071A7FBD75}]
@=""

[HKEY_CLASSES_ROOT\clsid\{9AAC65BC-DE1E-422F-9580-92071A7FBD75}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{9AAC65BC-DE1E-422F-9580-92071A7FBD75}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{9AAC65BC-DE1E-422F-9580-92071A7FBD75}\InprocServer32]
@="C:\\WINDOWS\\system32\\mbperf.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\mbperf.dll
C:\WINDOWS\SYSTEM32\mndtclog.dll
C:\WINDOWS\SYSTEM32\k6lqlg3516.dll
C:\WINDOWS\SYSTEM32\l42s0ef7eh2.dll


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\K`evin Ward\Application Data\Sskknwrd.dll
C:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



16:20:03.43
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrd_4.exe
C:\nwnmd_4.exe
C:\kybrdd_4.exe
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Content.IE5\G9IFG9MZ\Mendoza1[1].exe
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Content.IE5\KCVIIV0W\drsmartload849a[1].exe
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Content.IE5\KCVIIV0W\nwnmd_4[1].exe
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\drsmartload[1].exe
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Content.IE5\RAK3V5OL\drsmartload45a[1].exe
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Content.IE5\RAK3V5OL\dfndrd_4[1].exe
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Content.IE5\TJ3JP9CE\drsmartload46a[1].exe
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Content.IE5\TJ3JP9CE\kybrdd_4[1].exe
C:\WINDOWS\keyboard1.dat
C:\MTE3NDI6ODoxNgnew.exe
C:\WINDOWS\SYSTEM32\atmtd.dll.tmp
C:\Documents and Settings\K`evin Ward\Local Settings\Temporary Internet Files\Content.IE5\OD2F45UJ\MTE3NDI6ODoxNg[1].exe
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\Documents and Settings\LocalService\Application Data\NetMon


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-05 21:35:22 1063 ( A.... ) "C:\WINDOWS\SYSTEM32\koha1f1f.sys"
2006-07-05 21:35:22 1063 ( A.... ) "C:\WINDOWS\SYSTEM32\koha1f1f.sys"
2006-07-05 21:31:24 ( .D... ) "C:\Documents and Settings\K`evin Ward\Application Data\Webroot"
2006-07-05 19:16:30 61440 ( A.... ) "C:\WINDOWS\SYSTEM32\koha1f1f.dll"
2006-07-05 19:16:26 ( .D... ) "C:\Program Files\Common Files\kqmi"
2006-07-05 19:16:26 ( .D... ) "C:\Program Files\Common Files\{292316E7-04AE-2057-0326-030309040001}"
2006-07-05 19:16:22 29696 ( A.... ) "C:\WINDOWS\SYSTEM32\w00db561.dll"
2006-07-05 19:16:18 2560 ( A.... ) "C:\ac3_0010.exe"
2006-07-05 19:15:52 30208 ( A.... ) "C:\SS1001new.exe"
2006-07-05 19:15:24 48190 ( A.... ) "C:\VSL02new.exe"
2006-06-09 02:19:50 5967776 ( A.... ) "C:\WINDOWS\SYSTEM32\MRT.exe"
2006-06-07 18:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
2006-06-07 18:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
2006-06-01 19:47:08 163840 ( A.... ) "C:\WINDOWS\SYSTEM32\jgdw400.dll"
2006-06-01 19:47:08 27648 ( A.... ) "C:\WINDOWS\SYSTEM32\jgpl400.dll"
2006-05-29 16:30:34 1494016 ( A.... ) "C:\WINDOWS\SYSTEM32\shdocvw.dll"
2006-05-23 14:04:16 669002 ( A.... ) "C:\WINDOWS\unins000.exe"
2006-05-21 12:25:40 ( .D... ) "C:\Program Files\Common Files\xing shared"
2006-05-21 12:25:30 176167 ( A.... ) "C:\WINDOWS\SYSTEM32\rmoc3260.dll"
2006-05-21 12:25:12 6656 ( A.... ) "C:\WINDOWS\SYSTEM32\pndx5016.dll"
2006-05-21 12:25:12 5632 ( A.... ) "C:\WINDOWS\SYSTEM32\pndx5032.dll"
2006-05-21 12:25:08 278528 ( A.... ) "C:\WINDOWS\SYSTEM32\pncrt.dll"
2006-05-21 12:24:34 ( .D... ) "C:\Documents and Settings\K`evin Ward\Application Data\Real"
2006-05-19 16:08:32 3052544 ( A.... ) "C:\WINDOWS\SYSTEM32\mshtml.dll"
2006-05-18 06:24:26 450560 ( A.... ) "C:\WINDOWS\SYSTEM32\jscript.dll"
2006-05-14 09:44:08 181248 ( A.... ) "C:\WINDOWS\SYSTEM32\rasmans.dll"
2006-05-11 09:23:24 24576 ( A.... ) "C:\WINDOWS\SYSTEM32\xpsp3res.dll"
2006-05-10 06:23:04 658432 ( A.... ) "C:\WINDOWS\SYSTEM32\wininet.dll"
2006-05-10 06:23:02 613888 ( A.... ) "C:\WINDOWS\SYSTEM32\urlmon.dll"
2006-05-10 06:23:02 532480 ( A.... ) "C:\WINDOWS\SYSTEM32\mstime.dll"
2006-05-10 06:23:02 474112 ( A.... ) "C:\WINDOWS\SYSTEM32\shlwapi.dll"
2006-05-10 06:23:02 448512 ( A.... ) "C:\WINDOWS\SYSTEM32\mshtmled.dll"
2006-05-10 06:23:02 146432 ( A.... ) "C:\WINDOWS\SYSTEM32\msrating.dll"
2006-05-10 06:23:02 39424 ( A.... ) "C:\WINDOWS\SYSTEM32\pngfilt.dll"
2006-05-10 06:23:00 1054208 ( A.... ) "C:\WINDOWS\SYSTEM32\danim.dll"
2006-05-10 06:23:00 1022976 ( A.... ) "C:\WINDOWS\SYSTEM32\browseui.dll"
2006-05-10 06:23:00 357888 ( A.... ) "C:\WINDOWS\SYSTEM32\dxtmsft.dll"
2006-05-10 06:23:00 251392 ( A.... ) "C:\WINDOWS\SYSTEM32\iepeers.dll"
2006-05-10 06:23:00 205312 ( A.... ) "C:\WINDOWS\SYSTEM32\dxtrans.dll"
2006-05-10 06:23:00 151040 ( A.... ) "C:\WINDOWS\SYSTEM32\cdfview.dll"
2006-05-10 06:23:00 96256 ( A.... ) "C:\WINDOWS\SYSTEM32\inseng.dll"
2006-05-10 06:23:00 55808 ( ..... ) "C:\WINDOWS\SYSTEM32\extmgr.dll"
2006-05-10 06:23:00 16384 ( A.... ) "C:\WINDOWS\SYSTEM32\jsproxy.dll"
2006-04-29 06:07:48 5533696 ( A.... ) "C:\WINDOWS\SYSTEM32\wmp.dll"
2004-04-14 16:16:52 11079 ( ...H. ) "C:\Program Files\folder.htt"
2004-04-14 16:16:52 266 ( ..SH. ) "C:\Program Files\desktop.ini"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-05 19:16 61,440 C:\WINDOWS\system32\koha1f1f.dll
2006-07-05 19:16 29,696 C:\WINDOWS\system32\w00db561.dll
2006-07-05 19:16 2,560 C:\ac3_0010.exe
2006-07-05 19:16 1,063 C:\WINDOWS\system32\koha1f1f.sys
2006-07-05 19:15 48,190 C:\VSL02new.exe
2006-07-05 19:15 30,208 C:\SS1001new.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser MOUSE\\mouse32a.exe"
"FLMK08KB"="C:\\Program Files\\Muiltmedia keyboard utility\\1.3\\MMKEYBD.EXE"
"CnxDslTaskBar"="C:\\Program Files\\Conexant\\AccessRunner ADSL\\CnxDslTb.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Lexmark X74-X75"="\"C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\""
"LaunchList"="C:\\Program Files\\Pinnacle\\Studio 9\\LaunchList.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"mapi mpeg"="C:\\DOCUME~1\\K`EVIN~1\\APPLIC~1\\WAVEBA~1\\DartBows.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{292316E7-04AE-2057-0326-030309040001}"="\"C:\\Program Files\\Common Files\\{292316E7-04AE-2057-0326-030309040001}\\Update.exe\" mc-110-12-0000228"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"="wumgrd.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Microsoft Update"="wumgrd.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

HKEY_LOCAL_MACHINE\system\controlset001\control\safeboot\minimal\vds
HKEY_LOCAL_MACHINE\system\controlset001\control\safeboot\minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\system\controlset003\control\safeboot\minimal\vds
HKEY_LOCAL_MACHINE\system\controlset003\control\safeboot\minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Tune-up Application Start.job
C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\A9F751DA9184C906.job
C:\WINDOWS\tasks\AF478123918432D7.job
C:\WINDOWS\tasks\AE9C56569187C682.job
C:\WINDOWS\tasks\AE8AFCFA90917036.job

Completion time: Sat 07/08/2006 16:21:08.88
ComboFix ver 06.07.07 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-08.161518.txt
ComboFix.2006-07-08.161740.txt

#5 Torison

Torison
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 08 July 2006 - 10:27 AM

Heres the Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 4:26:01 PM, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\{292316E7-04AE-2057-0326-030309040001}\Update.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\mgoc\PSCRIPT.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\K`evin Ward\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {088FAD62-0F2B-65E6-CDC8-62FB2F050113} - C:\DOCUME~1\Kat\APPLIC~1\metadupe\Fastsettings.exe (file missing)
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mapi mpeg] C:\DOCUME~1\K`EVIN~1\APPLIC~1\WAVEBA~1\DartBows.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PScript.lnk = C:\mgoc\PSCRIPT.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_02) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D9ED3A-E69D-4780-A102-20F9B42BB017}: NameServer = 62.241.162.200 62.241.163.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D9ED3A-E69D-4780-A102-20F9B42BB017}: NameServer = 62.241.162.200 62.241.163.201
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

thanks loads in advance

#6 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 08 July 2006 - 01:40 PM

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

*****************************

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update succesfull message.
    Note: If the Update now option is grayed out, follow the steps below.
  • Click on Update on the toolbar.
  • Under Manual update, click on the Start Update button.
  • Wait until you see the Update succesfull message.
[*]Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
[/list]If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

***************************************

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***************************************

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select alcanshorty.bfu
  • Press Execute and let the program do itís job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
***************************************

reboot your system back into Normal Mode

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
in your next post, please include
  • new hijackthis log
  • ewido log
  • panda log
  • C:\NoLop.log
Your may need several replies to post the requested logs, otherwise they might get cut off.
agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#7 Torison

Torison
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 10 July 2006 - 11:06 AM

Hi,
heres the Ewido log:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:41:29 PM 7/10/2006

+ Scan result:



C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101428.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\S2BldmluIFdhcmQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\koha1f1f.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099484.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099485.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099486.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099487.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099489.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099490.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101443.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101503.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101504.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101505.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101506.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099471.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101485.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101488.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099479.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099470.exe -> Downloader.Adload.ct : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101448.exe -> Downloader.Adload.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101449.exe -> Downloader.Adload.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101450.exe -> Downloader.Adload.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099469.exe -> Downloader.Adload.cv : Cleaned with backup (quarantined).
C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\Cache\0EEF8445d01/crack.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099466.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099468.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101498.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101500.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\w00db561.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\ac3_0010.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP236\A0099443.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099463.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099465.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101451.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\Cache\0EEF8445d01/install.exe -> Downloader.Small.bwy : Cleaned with backup (quarantined).
C:\Program Files\PLUS!\sanewyhax.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099482.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099478.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099481.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099483.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099480.exe -> Downloader.TSUpdate.p : Cleaned with backup (quarantined).
C:\SS1001new.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Local Settings\Temporary Internet Files\Content.IE5\89MV4TMV\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Local Settings\Temporary Internet Files\Content.IE5\K56ZKHYV\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP237\A0099462.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
:mozilla.600:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\My Documents\Cookies\kat@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.784:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\Cookies\kat@ad.adition[1].txt -> TrackingCookie.Adition : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.838:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.334:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.335:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.336:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.453:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.456:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.667:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\My Documents\Cookies\kat@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\My Documents\Cookies\kat@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\My Documents\Cookies\kat@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\My Documents\Cookies\kat@cz9.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ja0ojsz6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.594:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\My Documents\Cookies\kat@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.365:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.366:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.382:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.383:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.385:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.386:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.387:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.388:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.389:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.400:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.401:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.401:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.402:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.402:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.403:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.403:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.404:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.405:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.406:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.407:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.409:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.410:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.411:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.412:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.413:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.413:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.414:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.418:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.419:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.421:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.425:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.427:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.428:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.429:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.431:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.436:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.436:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.437:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.437:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.438:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.438:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.439:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.439:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.440:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.441:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.442:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.456:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.457:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.465:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.466:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.467:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.468:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.469:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.470:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.471:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.473:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.485:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.486:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.487:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.488:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.489:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.490:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.502:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.503:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.522:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.523:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.525:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.528:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.532:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.533:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.534:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.535:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.536:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.537:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.538:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.539:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.540:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.541:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.542:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.549:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.551:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.559:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.570:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.571:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.572:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.573:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.574:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.575:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.576:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.577:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.578:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.579:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.581:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.584:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.585:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.586:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.587:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.588:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.595:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.601:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.602:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.603:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.604:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.605:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.606:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.607:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.608:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.609:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.669:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.710:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.841:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.842:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.843:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.844:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.845:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.846:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.941:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.956:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@e-2dj6wfkiwkdjalo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@e-2dj6wjlygkd5oco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\Cookies\kat@e-2dj6wflouod5gkp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\Cookies\kat@e-2dj6wjlysidzcgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\Cookies\kat@e-2dj6wjmielc5aap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\Cookies\kat@e-2dj6wjnyqkdjkgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\Cookies\kat@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliqgczieowwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.620:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.621:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\K`evin Ward\Cookies\k`evin ward@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\K`evin Ward\Cookies\k`evin ward@adopt.euroclick[3].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\Cookies\kat@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.299:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.300:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.301:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.269:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.340:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.351:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.367:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.376:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.460:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.492:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.

#8 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 10 July 2006 - 11:23 AM

you log got cut off.

could you post the rest of it, the panda log, and a new hijackthis log in separate new posts?

thanks,
agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#9 Torison

Torison
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 10 July 2006 - 11:24 AM

ewido log continued:

:mozilla.492:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.497:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.499:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.504:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.596:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.355:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.356:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.557:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.568:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.570:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.806:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.926:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.927:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.933:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.934:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\Cookies\kat@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.377:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\My Documents\Cookies\kat@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.596:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.591:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.592:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.593:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.603:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@questionmarket[3].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.183:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie\Cookies\debbie@serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.341:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.342:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.507:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.508:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.601:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.602:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.633:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.634:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.741:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.742:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.743:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.817:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.946:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.953:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.518:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.519:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.520:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.521:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.522:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.523:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.524:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.525:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.526:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.527:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.528:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.529:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.530:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.531:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.532:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.533:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.534:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.535:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.536:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.537:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.538:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.539:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.540:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.541:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.542:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.543:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.544:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.545:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.546:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.547:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.548:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.549:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.550:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.551:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.552:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.553:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.554:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.555:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.556:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.543:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.544:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.545:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.546:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.547:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.548:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.888:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.889:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.890:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.895:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.896:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.897:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.898:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.899:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.900:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.901:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.902:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.903:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.904:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.905:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ja0ojsz6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\My Documents\Cookies\kat@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
C:\Documents and Settings\Kat\My Documents\Cookies\kat@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\06fptcod.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.414:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.415:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.416:C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\s0jr5uvr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FADE9D25-D75E-402F-BF31-B55DF289A958}\RP238\A0101496.exe -> Trojan.Zapchast.bl : Cleaned with backup (quarantined).


::Report end

#10 Torison

Torison
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 10 July 2006 - 11:27 AM

heres the nolop log:
NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\K`evin Ward\Desktop
[7/10/2006]
[11:51:35 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A9F751DA9184C906.job
C:\WINDOWS\tasks\AF478123918432D7.job
C:\WINDOWS\tasks\AE9C56569187C682.job
C:\WINDOWS\tasks\AE8AFCFA90917036.job


the panda scan is currently running, and i will rescan with hjt after, thanks again

#11 Torison

Torison
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 10 July 2006 - 12:27 PM

panda log:


Incident Status Location

Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\SYSTEM32\Tools\Restart.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\S2BldmluIFdhcmQ\mZ15xA5RKIx1wAk.vbs
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.rn11.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.888.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Intelli-tracker Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.www.intelli-tracker.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.belnk.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\K`evin Ward\Application Data\Mozilla\Firefox\Profiles\j6s4jsjy.default\cookies.txt[.did-it.com/]
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\Kat\Local Settings\Temporary Internet Files\Content.IE5\4XG52RCD\CAB2I5JR.HTM

#12 Torison

Torison
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 10 July 2006 - 12:28 PM

heres the HJt log

Logfile of HijackThis v1.99.1
Scan saved at 6:27:32 PM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{292316E7-04AE-2057-0326-030309040001}\Update.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\mgoc\PSCRIPT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\K`evin Ward\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {088FAD62-0F2B-65E6-CDC8-62FB2F050113} - C:\DOCUME~1\Kat\APPLIC~1\metadupe\Fastsettings.exe (file missing)
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mapi mpeg] C:\DOCUME~1\K`EVIN~1\APPLIC~1\WAVEBA~1\DartBows.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PScript.lnk = C:\mgoc\PSCRIPT.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_02) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D9ED3A-E69D-4780-A102-20F9B42BB017}: NameServer = 62.241.163.200 62.241.162.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D9ED3A-E69D-4780-A102-20F9B42BB017}: NameServer = 62.241.163.200 62.241.162.201
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

thanks loads

#13 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 11 July 2006 - 03:51 AM

Some security programs with active monitoring processes are known to interfere with automatic scanners and can actually prevent HJT fixes from taking effect.

Please turn off or disable any of the following programs you may have,

Spybot S&D (Teatimer)

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

A visual tutorial to disabling Spybot TeaTimer can be found here

Then, Download ResetTeaTimer.bat
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

O2 - BHO: (no name) - {088FAD62-0F2B-65E6-CDC8-62FB2F050113} - C:\DOCUME~1\Kat\APPLIC~1\metadupe\Fastsettings.exe (file missing)
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O4 - HKCU\..\Run: [mapi mpeg] C:\DOCUME~1\K`EVIN~1\APPLIC~1\WAVEBA~1\DartBows.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_02) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -

Now close all windows other than HiJackThis, then click Fix Checked. close HijackThis.

***************************************

Next, we need to Reveal Hidden Files

1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Select Show hidden files and folders in the Hidden files and folders section.
7. Uncheck Hide protected operating system files (recommended) option.
8. Uncheck the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.

***************************************

Using Windows Explorer/My Computer, please delete the following files/folders if still present:

C:\Documents and Settings\K`evin Ward\Application Data\WAVEBA~1\ << folder starting with letters WAVEBA
C:\Documents and Settings\Kat\Application Data\metadupe\ << folder
C:\WINDOWS\S2BldmluIFdhcmQ\ << folder
C:\Documents and Settings\Kat\Local Settings\Temporary Internet Files\Content.IE5\4XG52RCD\CAB2I5JR.HTM << file

After that, Reboot.

Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
*you'll want to remove all previous versions of Java using add/remove programs (the latest version is J2SE Runtime Environment 5.0 Update 7).


In your next post, please include
  • new hijackthis log
*also let me know how your computer is running at the moment and if any problems persist.
agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#14 agrarianmonk

agrarianmonk

  • Members
  • 522 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 27 July 2006 - 12:38 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
agrarianmonk

Posted Image

Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users