Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Trojans (ghynf.exe, Etc.)


  • Please log in to reply
17 replies to this topic

#1 jpdarnell

jpdarnell

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 16 September 2006 - 10:52 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:46:16 AM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1151605249\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\cvn0.exe
C:\WINDOWS\system32\wfxqhv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\zqskw.exe
C:\WINDOWS\system32\n9nyb.exe
C:\WINDOWS\system32\ghynf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.phildarnell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.phildarnell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151605249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [defender] c:\\dfndrff_7.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_7.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:13 PM

Posted 16 September 2006 - 11:37 AM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Download Brute Force Uninstaller.
Unzip it to a folder of it’s own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script ( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Also post the uninstall list.

David

#3 jpdarnell

jpdarnell
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 18 September 2006 - 08:05 PM

Here's the log file after I ran bfu...

µTorrent
ACDSee Pro
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
ALPS Touch Pad Driver
AOL Uninstaller (Choose which Products to Remove)
BitLord 1.1
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
Conexant HDA D110 MDC V.92 Modem
Dell Embassy Trust Suite by Wave Systems
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
Forethought
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Intel® Graphics Media Accelerator Driver
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Macromedia Shockwave Player
Microsoft Office Professional Edition 2003
Modem Helper
Mozilla Firefox (1.5)
NetWaiting
NTRU Hybrid TSS v2.0.7
PartyPokerNet
PowerISO
Preboot Manager
Prevx1
Private Information Manager
QuickSet
QuickTime
Search Assist
Secure Update
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Wizards
Sid Meier's Civilization 4
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Wave Infrastructure Installer
Wave Support Software
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
Yahoo! Messenger

#4 jpdarnell

jpdarnell
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 18 September 2006 - 08:09 PM

The combofix.txt...

Justin - 06-09-18 21:05:33.43 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Justin\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cvn0.exe
C:\WINDOWS\system32\ghynf.exe
C:\WINDOWS\system32\n9nyb.exe
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\system32ghynf.exe
C:\WINDOWS\system32n9nyb.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-18 to 2006-09-18 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-18 21:05 -------- d-------- C:\Program Files\Prevx1
2006-09-18 21:02 -------- d-------- C:\Program Files\HijackThis
2006-09-18 20:45 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-18 20:21 -------- d-------- C:\Program Files\Yahoo!
2006-09-16 12:35 -------- d-------- C:\Program Files\Common Files
2006-09-05 22:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-05 22:10 -------- d-------- C:\Program Files\QuickTime
2006-08-28 22:18 -------- d-------- C:\Program Files\PartyGaming.Net
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-15 12:18 -------- d---s---- C:\Documents and Settings\Justin\Application Data\Microsoft
2006-08-14 20:37 -------- d-------- C:\Documents and Settings\Justin\Application Data\Mozilla
2006-08-12 09:23 -------- d-------- C:\Program Files\Internet Explorer
2006-08-06 15:57 -------- d-------- C:\Documents and Settings\Justin\Application Data\My Games
2006-08-06 11:40 -------- d-------- C:\Program Files\Firaxis Games
2006-08-06 11:15 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-06 11:10 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-06 11:00 -------- d-------- C:\Program Files\WinRAR
2006-08-03 17:35 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-03 17:26 -------- d-------- C:\Program Files\Online Services
2006-08-03 17:13 96256 --a------ C:\WINDOWS\system32\drivers\sptd7837.sys
2006-08-03 17:13 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-07-31 18:59 -------- d-------- C:\Documents and Settings\Justin\Application Data\uTorrent
2006-07-31 17:12 -------- d-------- C:\Program Files\Common Files\ACD Systems
2006-07-31 17:12 -------- d-------- C:\Program Files\ACD Systems
2006-07-31 17:12 -------- d-------- C:\Documents and Settings\Justin\Application Data\ACD Systems
2006-07-31 17:11 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-07-31 17:07 -------- d-------- C:\Program Files\PowerISO
2006-07-31 16:09 -------- d-------- C:\Program Files\uTorrent
2006-07-30 15:41 -------- d-------- C:\Documents and Settings\Justin\Application Data\Lavasoft
2006-07-30 02:45 -------- d-------- C:\Program Files\Viewpoint
2006-07-29 21:58 -------- d-------- C:\Program Files\iTunes
2006-07-29 21:58 -------- d-------- C:\Program Files\iPod
2006-07-29 21:58 -------- d-------- C:\Documents and Settings\Justin\Application Data\Apple Computer
2006-07-29 21:43 -------- d-------- C:\Program Files\BitLord
2006-07-29 07:11 30601 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-22 01:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 01:06 1435648 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"Document Manager"="C:\\Program Files\\Wave Systems Corp\\Services Manager\\DocMgr\\bin\\docmgr.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1151605249\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"Device Detector"="DevDetect.exe -autorun"
"PrevxOne"="C:\\Program Files\\Prevx1\\PXConsole.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ad8rIU3s"="C:\\WINDOWS\\system32\\cvn0.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Internet Explorer\\kydexusiq.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Online Services\\hobyv.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Mon 09/18/2006 21:06:14.31
ComboFix.txt


And the new hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 9:09:29 PM, on 9/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1151605249\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Justin\Desktop\bfu\BFU.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.phildarnell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.phildarnell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151605249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Edited by jpdarnell, 18 September 2006 - 08:11 PM.


#5 jpdarnell

jpdarnell
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 18 September 2006 - 08:15 PM

The updated uninstall list from HijackThis. Let me know if this is what you needed.

µTorrent
ACDSee Pro
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
ALPS Touch Pad Driver
AOL Uninstaller (Choose which Products to Remove)
BitLord 1.1
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
Conexant HDA D110 MDC V.92 Modem
Dell Embassy Trust Suite by Wave Systems
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
Forethought
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Intel® Graphics Media Accelerator Driver
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Macromedia Shockwave Player
Microsoft Office Professional Edition 2003
Modem Helper
Mozilla Firefox (1.5)
NetWaiting
NTRU Hybrid TSS v2.0.7
PartyPokerNet
PowerISO
Preboot Manager
Prevx1
Private Information Manager
QuickSet
QuickTime
Search Assist
Secure Update
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Wizards
Sid Meier's Civilization 4
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Wave Infrastructure Installer
Wave Support Software
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
Yahoo! Messenger

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:13 PM

Posted 19 September 2006 - 10:43 AM

Hello there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:

C:\WINDOWS\system32\cvn0.exe

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes.

Click on start, then control panel, and then double-click on add/remove programs. From within add/remove program uninstall the following if they exist by double-clicking on the following entries:

Forethought
Search Assist
Viewpoint Manager (Remove Only)
Viewpoint Media Player


Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, copy and paste next in the field:

C:\WINDOWS\system32\drivers\sptd7837.sys

Then click the Send File button below.
Please let me know when you have submitted the file.

Do you know anything about the following entry from your uninstall list?:
URL Assistant

Your Java is out of date and the older versions are being exploited by malware.
It is the likely cause of your infection, so we need to get it patched up as soon as possible.
Click on start, then control panel, and then double-click on add/remove programs.
Search in the list for all older installed versions of Java. (J2SE Runtime Environment.... )
It should have next icon next to it: Posted Image
Highlight each and click Remove.
Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp

Reboot and post a new Hijackthis log.
David

Edited by D-Trojanator, 19 September 2006 - 10:44 AM.


#7 jpdarnell

jpdarnell
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 20 September 2006 - 10:29 AM

I've submitted the file and I don't know what "URL Assistant" is.

#8 jpdarnell

jpdarnell
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 20 September 2006 - 10:43 AM

The new HijackThis logfile...

Logfile of HijackThis v1.99.1
Scan saved at 11:40:42 AM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\AOL\1151605249\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.phildarnell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.phildarnell.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151605249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#9 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:13 PM

Posted 22 September 2006 - 03:13 PM

Please remove "URL Assistant" from add/remove like you did to the other programs.

Your Java is out of date and the older versions are being exploited by malware.
It is the likely cause of your infection, so we need to get it patched up as soon as possible.
Click on start, then control panel, and then double-click on add/remove programs.
Search in the list for all older installed versions of Java. (J2SE Runtime Environment.... )
It should have next icon next to it: Posted Image
Highlight each and click Remove.
Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp

How is the system running now?
I see a clean log :thumbsup:

#10 jpdarnell

jpdarnell
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 24 September 2006 - 07:56 PM

I removed 'URL Assistant' and I checked my version of Java. It says I have the most up-to-date version.

I'm still having the same problems. Program minimizations, followed by either one of two pop-ups. One is a warning that my computer has tracks of adult sites I've visited, and asks if I would like to install DriveCleaner to check my computer for free...

#11 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:13 PM

Posted 25 September 2006 - 01:44 PM

Ok, no problem. It looks like we might have to dig a little deeper to find the source.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Please download and Save blacklight to your C:\ Important!!.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Then go to start > run and copy and paste next command in the field:

C:\blbeta.exe /expert

This should open your blacklight.
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)

Please download, install, and update Ewido anti-spyware
Load Ewido and then click the Update tab at the top.
Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful")
Then click on the Scanner tab at the top.
Click the "Settings" tab and then change the recommended action to Quarantine.
Click Automatically generate report after every scan.
Click back to the "Scan" tab and then click on Complete System Scan.
This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side.

When the scan has finished, it will automatically set the recommended action.
Click the Apply all actions button.
Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As".
This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close Ewido and reboot!! I need the log later.

Please post a new Hijackthis log, the Blacklight log and the ewido report.
David

#12 jpdarnell

jpdarnell
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 27 September 2006 - 09:52 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:47:29 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\AOL\1151605249\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.phildarnell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.phildarnell.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151605249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Blacklight log...

09/27/06 22:16:38 [Info]: BlackLight Engine 1.0.46 initialized
09/27/06 22:16:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/27/06 22:16:38 [Note]: 7019 4
09/27/06 22:16:38 [Note]: 7005 0
09/27/06 22:19:02 [Error]: 6024 1
09/27/06 22:19:02 [Error]: 6024 1
09/27/06 22:19:02 [Note]: 7006 0
09/27/06 22:19:02 [Note]: 7011 672
09/27/06 22:19:02 [Note]: 7026 0
09/27/06 22:19:02 [Note]: 7026 0
09/27/06 22:19:02 [Error]: 6024 1
09/27/06 22:19:08 [Note]: FSRAW library version 1.7.1019
09/27/06 22:21:50 [Note]: 7007 0

Ewido report...

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:44:01 PM 9/27/2006

+ Scan result:



C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\26GEFGE9\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\GVH72IRH\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\GXQVSPE3\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\GXQVSPE3\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\GXQVSPE3\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\MQIJ26PQ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\OPEB816N\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\OPEB816N\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\OX6B0TQZ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\kydexusiq.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Online Services\hobyv.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.639:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.529:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.247:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.827:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.828:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.351:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.619:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.774:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.775:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.712:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.713:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.714:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.715:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.488:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.531:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.532:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.533:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.534:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.535:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.620:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.756:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.823:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.486:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.815:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.816:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.817:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.830:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.831:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.898:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.902:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.489:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.613:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.614:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.415:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.653:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.654:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.655:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.656:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.657:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.658:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.659:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.660:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.661:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.662:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.663:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
:mozilla.503:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.504:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.505:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.506:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.507:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.508:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.440:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.441:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.442:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.443:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.444:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.445:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.446:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.447:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.448:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.449:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.554:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.555:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.556:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.557:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.558:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.559:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.524:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.525:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.526:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.527:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.824:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.825:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.256:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.257:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.284:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.804:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.805:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.806:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.807:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.808:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.defaul

Edited by jpdarnell, 27 September 2006 - 09:59 PM.


#13 jpdarnell

jpdarnell
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 27 September 2006 - 09:55 PM

Apparently I can't fit all 3 into one post. Here's the ewido report in its entirety.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:44:01 PM 9/27/2006

+ Scan result:



C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\26GEFGE9\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\GVH72IRH\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\GXQVSPE3\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\GXQVSPE3\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\GXQVSPE3\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\MQIJ26PQ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\OPEB816N\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\OPEB816N\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\OX6B0TQZ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\kydexusiq.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Online Services\hobyv.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.639:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.529:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.247:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.827:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.828:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.351:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.619:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.774:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.775:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.712:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.713:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.714:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.715:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.488:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.531:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.532:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.533:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.534:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.535:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.620:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.756:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.823:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.486:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.815:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.816:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.817:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.830:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.831:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.898:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.902:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.489:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.613:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.614:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.415:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.653:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.654:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.655:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.656:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.657:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.658:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.659:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.660:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.661:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.662:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.663:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
:mozilla.503:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.504:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.505:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.506:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.507:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.508:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.440:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.441:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.442:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.443:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.444:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.445:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.446:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.447:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.448:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.449:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.554:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.555:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.556:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.557:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.558:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.559:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.524:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.525:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.526:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.527:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.824:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.825:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.256:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.257:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.284:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.804:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.805:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.806:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.807:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.808:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.809:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.726:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@scot.valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.270:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Others\Cookies\others@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.436:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.437:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\p7r8wpml.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Cookies\justin@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

Edited by jpdarnell, 27 September 2006 - 10:01 PM.


#14 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:13 PM

Posted 29 September 2006 - 01:55 PM

Ok, good nothing there. I think it;s just a matter of going through these scanners until we find the root of the problem you are having. To help me disgnose this could you please give as much detail as to what this popup is telling you to install BraveSentry.

Malware like this normally never comes alone and there are probably infected files left on your computer.
Please visit Panda Online to carry out a virus scan.
Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your desktop.
Post the contents of the report in your next reply, along with a new Hijackthis log.

David

#15 jpdarnell

jpdarnell
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 29 September 2006 - 02:07 PM

Actually, after the ewido and blacklight runs the pop-ups and program minimizations have ended. I ran Ad-Aware and the reg. keys and all other files besides Internet Exp. cookies were gone. The only thing that's still happening is an application error window that pops up whenever I boot.

It says:

AutoUpdate.exe - Application Error
The application failed to initialize properly (0xc0000135). Click on OK to terminate the application.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users