Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm Infected With Something But I Don't Know What!


  • This topic is locked This topic is locked
8 replies to this topic

#1 Craigo

Craigo

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 09 July 2006 - 04:22 PM

Ok, recently my firewall has been blocking files from accessing the internet. These files have been named

win67f.tmp.exe

They keep coming up and i keep removing them. If i were to allow them to connect to the web, i would be disconnected and under my 'Network Connections' there will be new connections named

User 57684 etc.

So i've tried many programs. Ad-Aware, Xoftspy and tons more. All coming to no use.

Also Nod32 picked up a file called, 'bgates[1].exe' last week and removed it.. but maybe it wasn't removed.

So heres my hijackthis log
----------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:21:08: PM, on 09/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Prevx Home\SAGUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Craig\Desktop\stng260.exe
C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Craig\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1033
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {334985A3-890A-4ACB-8FD1-D1C7E346BFAF} - blank (file missing)
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1084026504781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E74993D1-2514-4610-AB36-108A5C9496F7}: NameServer = 80.225.255.185 80.225.255.177
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

-----------------------------------------------------------------------------------------------------------------------

Hopefully you can help :thumbsup:

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:15 AM

Posted 13 July 2006 - 09:26 PM

Hello Craigo,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Craigo

Craigo
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 14 July 2006 - 11:28 AM

Thanks very much teacup :thumbsup:

ok here it is.

--------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:27:07: PM, on 14/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Xfire\Xfire.exe
C:\Documents and Settings\Craig\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1084026504781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E74993D1-2514-4610-AB36-108A5C9496F7}: NameServer = 80.225.252.58 80.225.252.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:15 AM

Posted 14 July 2006 - 04:29 PM

Hello again,

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close ewido. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll


Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Also, delete the following file:

C:\WINDOWS\SYSTEM32\winjyp32.dll
  • In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.
In your reply, please post the report from Ewido and a new HijackThis log. Let me know how your computer is running. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Craigo

Craigo
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 15 July 2006 - 08:14 AM

Ok, i followed your instructions and i think it has worked :D thanks

so here is the report and another hijackthis log

----------------------------------------------------------

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:05:32: PM 15/07/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
HKLM\SOFTWARE\Classes\Software\Microsoft\windows\currentversion\explorer\browser helper objects\{944864a5-3916-46e2-96a9-a2e84f3f1208} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-589954587-1544775690-1499550401-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\browser helper objects\{944864a5-3916-46e2-96a9-a2e84f3f1208} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-589954587-1544775690-1499550401-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
C:\VundoFix Backups\ssqpnll.dll -> Adware.Virtumonde : No action taken.
C:\Documents and Settings\All Users\Application Data\SecTaskMan\nvidia32.exe.q_804ACC6_q -> Backdoor.Bifrose.ta : No action taken.
C:\Documents and Settings\Craig\My Documents\Downloads\Ad-aware Pro 6.0\Ad-aware Pro 6.0.exe/AD-AWA~2.EXE -> Backdoor.Bifrose.ta : No action taken.
:mozilla.343:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.44:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.45:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Catherine McKay\Cookies\catherine mckay@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.125:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.12:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.142:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.188:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.284:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.305:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.43:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.46:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.47:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.48:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.49:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.101:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.28:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.29:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.56:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.454:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.455:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.292:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.293:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.294:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.295:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.126:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.127:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
:mozilla.222:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.223:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.224:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.225:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.226:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.22:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.23:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.24:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.72:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Adviva : No action taken.
:mozilla.35:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.48:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Catherine McKay\Cookies\catherine mckay@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.342:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.52:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.146:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.158:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.159:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.315:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.316:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.317:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.318:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.319:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.320:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.416:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.417:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.85:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.86:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.109:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.43:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.90:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Catherine McKay\Cookies\catherine mckay@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.237:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.238:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.239:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.240:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.241:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.33:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.56:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.91:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.92:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.93:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.94:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.95:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.96:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.97:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Catherine McKay\Cookies\catherine mckay@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.42:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.449:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.180:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.181:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.183:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.242:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.243:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.244:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.245:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.356:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.15:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.16:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.17:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.18:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.313:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.197:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.64:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.121:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.122:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.67:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.68:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.415:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Paycounter : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.267:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.268:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.272:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.111:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.112:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.113:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.114:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.218:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.219:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.220:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.221:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.414:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.217:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.299:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.300:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.301:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.302:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.147:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.148:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.149:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.150:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.169:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.170:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.453:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.19:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.24:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.25:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.26:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.31:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.32:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.334:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.54:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.55:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.123:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.34:C:\Documents and Settings\Catherine McKay\Application Data\Mozilla\Firefox\Profiles\1a5oejkg.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.286:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.287:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.36:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.37:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.38:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.39:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.59:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.263:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.264:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.265:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.266:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\06atk0j5.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Craig\Cookies\craig@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Craig\Local Settings\Temporary Internet Files\Content.IE5\SNM5APGP\bgates[1].exe -> Trojan.Dialer.pz : No action taken.
C:\WINDOWS\system32\winjyp32.dll -> Trojan.Small : No action taken.


::Report end

-------------------------------------------------------

Oh that was big o_o

-------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:13:04: PM, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Craig\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1084026504781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E74993D1-2514-4610-AB36-108A5C9496F7}: NameServer = 212.74.114.129 212.74.112.66
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--------------------------------------

I hope its fixed :D

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:15 AM

Posted 18 July 2006 - 12:01 AM

Hello again,

Looks good. :thumbsup: Still running well? Just a leftover to fix now :

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Reboot your computer.

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Craigo

Craigo
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 18 July 2006 - 02:53 PM

Thank you very much for all your help :thumbsup:

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:15 AM

Posted 18 July 2006 - 10:24 PM

You're most welcome! :thumbsup:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:15 AM

Posted 08 August 2006 - 12:02 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users