
Firefox Hijacked? - Spyware Infected


  • This topic is locked
18 replies to this topic

#1 maxrazor


Posted 09 November 2006 - 01:48 AM

Hey there, I have been having problems with my Firefox browser lately, so much in fact that I have uninstalled it and gone back to using IE even though I prefer Firefox :thumbsup:

Ok here we go, the problem is that each time I start up Firefox it's really really slow to load the page/s, so I typed www.google.co.uk and I get a page come up with Chinese or Japanese (Asian) text? I'm really confused at why this is happening so I contacted a friend and he says it could be the language settings.

The thing is I don't get a Google page in Chinese or Japanese, it's just like a page with Chinese or Japanese text running down it. I have checked the language settings in Firefox and it's marked as English?
I have also tried un-installing and re-installing to see if that fixes the problem but it's no luck. A friend recommended I use spyware removal programmes so I downloaded them to see if that fixes the problem but again without any luck.

After installing SpywareBlaster, CCleaner and Spybot - Search & Destroy I notice that now my Firefox won't load any page up. If I try loading Google now it's saying no data on this page?

Can you please help me and also let me know if ZoneAlarm firewall is good to use as I have been recommended to use it?

I look forward to hearing from you. I have included my logfile and believe my PC has been infected.

Thank You




Logfile of HijackThis v1.99.1
Scan saved at 06:38:29, on 09/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eMule\eMule.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\XP Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.psystation.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
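
A way to triage a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the section codes and flags entries worth a manual look. The flag names and the choice of checks are this example's own assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# What each HijackThis section code lists (only the codes present in the log above).
SECTIONS = {
    "R0": "IE start/search page (registry value)",
    "R1": "IE start/search page (registry value)",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O6": "IE options restricted by policy",
    "O8": "Extra IE context-menu item",
    "O9": "Extra IE button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "Extra protocol handler",
    "O20": "Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad entry",
    "O23": "Windows service",
}

# Lines copied from the log in the post above, plus a header line and a
# process path to show that non-entry lines are skipped.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.psystation.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
"""

# An entry line is "<code> - <detail>", where code is R0-R3 or O1-O23.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")


def parse(log_text):
    """Return (code, detail) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def flags_for(code, detail):
    """Descriptive flags for one entry. They are leads for manual review, not verdicts."""
    flags = []
    # Registration survives but HijackThis could not find the file on disk.
    if detail.endswith("(no file)") or detail.endswith("(file missing)"):
        flags.append("orphan")
    # BHO registered without a display name.
    if code == "O2" and "(no name)" in detail:
        flags.append("unnamed")
    # Service binary carries no company name HijackThis could read.
    if code == "O23" and " - Unknown owner - " in detail:
        flags.append("unknown-owner")
    # Context-menu item that loads a remote page instead of a local resource.
    if code == "O8" and re.search(r" - https?://", detail):
        flags.append("remote-target")
    return flags


def triage(log_text):
    """Map each flag to the list of entries that carry it."""
    out = defaultdict(list)
    for code, detail in parse(log_text):
        for flag in flags_for(code, detail):
            out[flag].append((code, detail))
    return dict(out)


def report(log_text):
    """One readable line per flagged entry: flags, section meaning, raw detail."""
    lines = []
    for code, detail in parse(log_text):
        flags = flags_for(code, detail)
        if flags:
            label = SECTIONS.get(code, "unknown section")
            lines.append(f"[{','.join(flags)}] {code} ({label}): {detail}")
    return lines


if __name__ == "__main__":
    # The Kaspersky service line trips two flags although avp.exe appears in the
    # running-process list of the same log, so every hit still needs a human check.
    print("\n".join(report(SAMPLE_LOG)))
```
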



#2 Buckeye_Sam


Posted 10 November 2006 - 10:05 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:



Please download ComboFix and save it to your desktop.

IMPORTANT - Make sure the Combofix is saved to your desktop.

Click Start -> Run
Copy the command below and paste it into the Run box and click Ok.

"%userprofile%\desktop\combofix.exe" /wow

When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 maxrazor


Posted 10 November 2006 - 11:52 AM

Hi there Sam, thank you for replying to my original post. :thumbsup:

Ok, as you mentioned the steps above, I have followed them and below is the report you requested.

Look forward to hearing from you :flowers:

Max...


XP Administrator - 06-11-10 15:11:35.04 Service Pack 2
ComboFix 06.11.9W - Running from: "C:\Documents and Settings\XP Administrator\desktop"
Command switches used :: /wow

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\XP Administrator\Desktop\Internet Explorer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
C:\Program Files\PrintView
C:\Program Files\Common Files\{30CA2008-0BC6-1033-0709-04031028002c}
C:\Program Files\Common Files\{70CA2008-0BC6-1033-0709-04031028002c}


((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


2006-11-10 13:03 <DIR> d-------- C:\Documents and Settings\XP Administrator\Application Data\Apple Computer
2006-11-10 13:02 <DIR> d-------- C:\Program Files\iTunes
2006-11-10 13:02 <DIR> d-------- C:\Program Files\iPod
2006-11-10 13:01 <DIR> d-------- C:\Program Files\QuickTime
2006-11-10 06:24 <DIR> d-------- C:\Program Files\Windows Defender
2006-11-10 05:45 <DIR> dr-h----- C:\Documents and Settings\XP Administrator\Recent
2006-11-08 07:11 203,264 --a------ C:\WINDOWS\system32\tcm_screen.scr
2006-11-08 07:11 <DIR> d-------- C:\WINDOWS\system32\tcm_screen dir
2006-11-07 23:31 <DIR> d-------- C:\Program Files\LimeWire
2006-11-07 23:31 <DIR> d-------- C:\Documents and Settings\XP Administrator\Application Data\LimeWire
2006-11-07 22:14 <DIR> d-------- C:\Program Files\Ares
2006-11-07 02:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-07 02:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-05 20:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-11-05 20:00 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-05 19:22 <DIR> d-------- C:\Program Files\CCleaner
2006-10-29 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2006-10-27 13:25 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-10-22 21:59 <DIR> d-------- C:\Program Files\Winamp
2006-10-22 15:51 <DIR> d-------- C:\Documents and Settings\XP Administrator\Application Data\DivX
2006-10-20 20:43 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-10-14 23:25 <DIR> d-------- C:\WINDOWS\Internet Logs
2006-10-14 23:22 <DIR> d-------- C:\Program Files\RegCleaner
2006-10-13 04:31 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2006-10-13 04:29 <DIR> d-------- C:\Program Files\DivX
2006-10-13 04:25 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-13 04:24 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-10-13 04:24 <DIR> d-------- C:\Program Files\XviD
2006-10-13 02:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2006-10-12 11:11 <DIR> d-------- C:\Program Files\MSN Messenger
2006-10-12 05:07 39,440 --a------ C:\WINDOWS\system32\CSvidcap.dll
2006-10-12 05:07 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2006-10-12 01:49 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-10-10 21:16 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-10-10 21:16 <DIR> d-------- C:\Documents and Settings\XP Administrator\Contacts
2006-10-10 09:18 36,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-10 09:18 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-10 09:18 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-10 09:18 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2006-10-10 09:18 115,880 --a------ C:\WINDOWS\system32\pxinsi64.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-10 15:28 -------- d-------- C:\Program Files\Common Files
2006-11-10 15:04 -------- d-------- C:\Documents and Settings\XP Administrator\Application Data\BearShare
2006-11-10 13:50 -------- d-------- C:\Program Files\eMule
2006-11-10 12:52 -------- d-------- C:\Documents and Settings\XP Administrator\Application Data\Skype
2006-11-10 06:36 43680 --a------ C:\Documents and Settings\XP Administrator\Application Data\wklnhst.dat
2006-11-10 02:24 -------- d-------- C:\Program Files\Soulseek
2006-11-06 18:58 -------- d-------- C:\Program Files\TVK - CoolText Extreme
2006-11-05 21:31 -------- d-------- C:\Program Files\Yahoo!
2006-11-05 17:15 -------- d-------- C:\Documents and Settings\XP Administrator\Application Data\uTorrent
2006-11-05 01:29 -------- d-------- C:\Program Files\VirtualDJ
2006-11-03 23:14 -------- d-------- C:\Program Files\SplitCam
2006-11-03 01:19 -------- d-------- C:\Program Files\AV VCS 3.0
2006-11-01 14:59 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-29 01:13 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-29 01:13 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-29 01:04 -------- d-------- C:\Program Files\Kaspersky Lab
2006-10-26 15:12 -------- d-------- C:\Program Files\Paltalk Messenger
2006-10-23 22:39 -------- d-------- C:\Documents and Settings\XP Administrator\Application Data\Paltalk
2006-10-20 12:00 -------- d-------- C:\Program Files\Apple Software Update
2006-10-13 20:00 315392 --a------ C:\WINDOWS\system32\rlls.dll
2006-10-13 11:14 -------- d-------- C:\Program Files\BearShare MediaBar
2006-10-12 21:55 -------- d-------- C:\Program Files\OpenTalk
2006-10-12 11:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-09 15:02 -------- d-------- C:\Program Files\BitLord
2006-10-06 19:23 -------- d-------- C:\Documents and Settings\XP Administrator\Application Data\Lavasoft
2006-10-06 08:41 -------- d-------- C:\Program Files\BearShare Applications
2006-10-04 21:56 -------- d-------- C:\Documents and Settings\XP Administrator\Application Data\CamTrack
2006-10-04 19:12 -------- d-------- C:\Program Files\Raven
2006-10-03 18:08 -------- d-------- C:\Program Files\amsn
2006-10-03 16:04 -------- d-------- C:\Program Files\DigitalPeers
2006-10-02 19:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 19:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 19:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 19:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-10-01 21:19 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-01 07:11 -------- d-------- C:\Program Files\ErstenWare
2006-09-19 19:58 -------- d---s---- C:\Documents and Settings\XP Administrator\Application Data\Microsoft
2006-09-19 19:58 -------- d-------- C:\Program Files\GameShadow
2006-09-19 19:12 51696 --a------ C:\Documents and Settings\XP Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-09-19 17:33 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-19 15:44 15664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-19 05:35 -------- d-------- C:\Program Files\TechSmith
2006-09-17 20:01 -------- d-------- C:\Program Files\Fake Webcam
2006-09-15 13:21 -------- d-------- C:\Program Files\MediaMonkey
2006-09-14 13:18 -------- d-------- C:\Program Files\ATI Technologies
2006-09-14 13:15 -------- d-------- C:\Program Files\Internet Explorer
2006-09-14 11:46 -------- d-------- C:\Program Files\CoffeeCup Software
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-10 16:29 -------- d-------- C:\Program Files\SmartDraw 7
2006-09-10 16:24 -------- d-------- C:\Documents and Settings\XP Administrator\Application Data\SmartDraw
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-10 23:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-10 23:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^2Wire Wireless Client.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\2Wire Wireless Client.lnk"
"backup"="C:\\WINDOWS\\pss\\2Wire Wireless Client.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\2WIRE8~1.11G\\PRISMCFG.EXE /START"
"item"="2Wire Wireless Client"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\palstart.exe"
"backup"="C:\\WINDOWS\\pss\\palstart.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\palstart.exe"
"item"="palstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^XP Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\XP Administrator\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\config sys\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-10 15:29:01.93
C:\ComboFix.txt ... 06-11-10 15:29

#4 maxrazor


Posted 10 November 2006 - 04:41 PM

Hey Sam, I have just realised my Internet Explorer has disappeared :thumbsup:

#5 Buckeye_Sam


Posted 11 November 2006 - 04:03 PM

Ok, let's restore your IE desktop link.
Right click on your desktop and select Properties.
Select the Desktop tab.
Click Customize Desktop.
Under Desktop icons, check Internet Explorer.
Click Ok and Ok to close both windows.


============


Now let's check out a suspicious file that shows up in your log.
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:



    C:\WINDOWS\system32\rlls.dll


  • Click on the submit button
  • Please post the results in your next reply.
============



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


#6 maxrazor


Posted 11 November 2006 - 07:31 PM

Hi Sam, thanks for replying.

Ok my Internet Explorer is back :thumbsup:


============

Here are the results for the Jotti's malware scan:-


File: rlls.dll

Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)

MD5 4e30e1cbe1ab76315c6b070becb875da

Packers detected: -

Scanner results


AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Misc/Oss
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing



============

Here are the results for F-Secure Online Scanner:-



Scanning Report
Saturday, November 11, 2006 22:10:23 - 00:10:02
Computer name: PC1
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 5 malware found
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 27071
System: 4982
Not scanned: 4
Actions:
Disinfected: 2
Renamed: 0
Deleted: 0
None: 3
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\DOCUMENTS AND SETTINGS\XP ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{EB102A73-5656-4B21-B961-EB7668CF23F3}

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2006-11-10
F-Secure AVP: 7.0.171, 2006-11-10
F-Secure Orion: 1.2.37, 2006-11-10
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 0260-02-44
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

--------------------------------------------------------------------------------



I look forward to hearing from you. :flowers:

#7 Buckeye_Sam


Posted 12 November 2006 - 09:42 PM

Let's see if we can get a bit more clarification on that file. Please submit it to this site for scanning.
http://www.virustotal.com/en/indexf.html

Post the results in your next reply.


============



Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.
    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Please post the results of the AVG Anti-Spyware scan report along with a new Hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 maxrazor

  • Topic Starter

Posted 13 November 2006 - 06:33 PM

..

Edited by maxrazor, 13 November 2006 - 06:43 PM.


#9 maxrazor

  • Topic Starter

Posted 13 November 2006 - 06:37 PM

Hi there Sam, Thank you for replying :thumbsup:


Here are the results for VirusTotal

STATUS: FINISHED
Complete scanning result of "rlls.dll", received in VirusTotal at 11.13.2006, 05:56:19 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.39 11.12.2006 no virus found
Authentium 4.93.8 11.10.2006 no virus found
Avast 4.7.892.0 11.13.2006 no virus found
AVG 386 11.12.2006 no virus found
BitDefender 7.2 11.13.2006 no virus found
CAT-QuickHeal 8.00 11.11.2006 no virus found
ClamAV devel-20060426 11.12.2006 no virus found
DrWeb 4.33 11.12.2006 no virus found
eTrust-InoculateIT 23.73.53 11.13.2006 no virus found
eTrust-Vet 30.3.3186 11.10.2006 no virus found
Ewido 4.0 11.12.2006 no virus found
Fortinet 2.82.0.0 11.13.2006 Misc/Oss
F-Prot 3.16f 11.10.2006 no virus found
F-Prot4 4.2.1.29 11.10.2006 no virus found
Ikarus 0.2.65.0 11.10.2006 no virus found
Kaspersky 4.0.2.24 11.13.2006 no virus found
McAfee 4893 11.10.2006 potentially unwanted program Proxy-OSS
Microsoft 1.1609 11.13.2006 no virus found
NOD32v2 1862 11.10.2006 no virus found
Norman 5.80.02 11.10.2006 no virus found
Panda 9.0.0.4 11.12.2006 no virus found
Sophos 4.11.0 11.07.2006 no virus found
TheHacker 6.0.1.117 11.12.2006 no virus found
UNA 1.83 11.10.2006 no virus found
VBA32 3.11.1 11.13.2006 no virus found
VirusBuster 4.3.15:9 11.12.2006 no virus found

Aditional Information File size: 315392 bytes MD5: 4e30e1cbe1ab76315c6b070becb875da SHA1: 7df9bb2fa77934f360a12c0dec8d1266aef22dfb


====================


Here are the results for the AVG ANTI SPYWARE scan

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:51:32 13/11/2006

+ Scan result:



HKU\S-1-5-21-1790521817-2163411867-2876842818-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1790521817-2163411867-2876842818-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D77A8618-D905-4B64-B9A4-46095F1267FB}\RP445\A0437844.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D77A8618-D905-4B64-B9A4-46095F1267FB}\RP449\A0453362.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\XP Administrator\My Documents\My Received Files\PROGS\Outils MSN.rar/Outils MSN\mspass.zip/mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.104 : Cleaned with backup (quarantined).
C:\Documents and Settings\XP Administrator\My Documents\My Received Files\PROGS\Outils MSN\mspass.zip/mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.104 : Cleaned with backup (quarantined).
:mozilla.375:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.378:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.104:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.105:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.106:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.423:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.424:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.425:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.548:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.549:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.550:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.551:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.552:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.553:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.559:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.560:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.561:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.562:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.563:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.613:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.614:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.616:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.189:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.190:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.191:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.192:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.193:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.194:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.716:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.717:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.130:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.482:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.664:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.665:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.666:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.667:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.177:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.645:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.646:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.647:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.648:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.649:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.650:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.651:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.652:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.653:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.654:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.655:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.656:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.657:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.658:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.659:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.661:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.662:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.663:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.188:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.189:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.190:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.191:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.309:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.312:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.313:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.316:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.639:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.318:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.319:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.90:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.91:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.715:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.200:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.79:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.80:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.145:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.294:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.781:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.782:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.393:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.634:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.635:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.74:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.75:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.76:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.89:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.93:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.94:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.95:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Psynite\Cookies\psynite@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.709:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.710:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.711:C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


====================

Edited by maxrazor, 13 November 2006 - 06:44 PM.


#10 maxrazor

maxrazor
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:05:56 PM

Posted 13 November 2006 - 06:40 PM

Here is a log of HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 23:11:00, on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\XP Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\WINDOWS\config sys\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: palstart.exe
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371100.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


====================


Look forward to hearing from you, hope you had a good weekend :thumbsup:

Edited by maxrazor, 13 November 2006 - 06:51 PM.


#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:56 PM

Posted 14 November 2006 - 07:28 AM

Please delete this file.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - Global Startup: palstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



Reboot your computer.



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new HijackThis log.
Are you still having the same issue with Firefox?
Any other problems beyond that?


========================================================
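
Added example, not part of the original thread and not HijackThis's own code: a Python triage pass over an excerpt of the log posted above. It lists the entries HijackThis marked `(no file)` or `(file missing)` and checks each path against the log's own Running processes list; the function names and section labels are this example's own.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Paltalk Messenger\palstart.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O4 - Global Startup: palstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)"""

# Section codes that appear in the log above, with short labels (labels are this example's wording).
SECTIONS = {
    "R0": "IE start page", "R1": "IE search page/bar",
    "O2": "Browser Helper Object", "O4": "Autostart (Run keys, Startup folders)",
    "O6": "IE options restricted by policy", "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item", "O16": "ActiveX (DPF)",
    "O18": "Protocol handler", "O20": "Winlogon Notify",
    "O21": "SSODL", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")
# Absolute path up to the first .exe/.dll, ignoring surrounding quotes and arguments.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)


def parse_log(text):
    """Return (set of running process paths, list of (code, body) entries)."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # first R/O entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.add(line.lower())
    return processes, entries


def triage(text):
    """List entries marked (no file)/(file missing) and cross-check running processes."""
    processes, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if not ORPHAN_RE.search(body):
            continue
        m = PATH_RE.search(body)
        path = m.group(0) if m else None
        findings.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown"),
            "path": path,
            # True means the log lists this file as a running process,
            # which contradicts the "missing" marker on the same entry.
            "running": bool(path) and path.lower() in processes,
            "entry": body,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        note = "marker contradicted by process list" if f["running"] else "orphaned reference"
        print(f'{f["code"]:>3}  {f["section"]:<24} {note}: {f["entry"]}')
```

On this excerpt the Kaspersky service is the only marked entry whose executable is also listed as running, so that marker is contradicted by the log itself and needs a manual check before anything is fixed.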

#12 maxrazor

maxrazor
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:05:56 PM

Posted 14 November 2006 - 01:07 PM

Results From ActiveScan


Incident Status Location

Spyware:spyware/marketscore Not disinfected c:\windows\system32\rlls.dll
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/instafinder Not disinfected Windows Registry
Adware:adware/azesearch Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/navhelper Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt[www.errorsafe.com/pages/scanner/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt[.c2.gostats.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-1.txt[.gostats.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\XP Administrator\Application Data\Mozilla\Firefox\Profiles\jjz18mmw.default\cookies-2.txt[www.drivecleaner.com/.freeware/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\XP Administrator\Cookies\xp administrator@azjmp[1].txt
Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\XP Administrator\Cookies\xp administrator@ilead.itrack[2].txt

====================


HijackThis Log


Logfile of HijackThis v1.99.1
Scan saved at 16:50:55, on 14/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\XP Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.psystation.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\WINDOWS\config sys\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: palstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371100.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


====================


Sam, I have just tried to open Firefox and this is what I get when I type www.google.co.uk or any other URL. Nothing in Firefox is working, please see below.



#13 Buckeye_Sam

Posted 14 November 2006 - 07:17 PM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your desktop) and click the Fix Checked button.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - Global Startup: palstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB



=================


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    c:\windows\system32\rlls.dll
    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
================



Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and Paste those details into your next reply here.
===============


Please post a new HijackThis log.
What version of Firefox are you using?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
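An added example, not part of the thread and not code from HijackThis or any poster: a Python check that parses HijackThis result lines, confirms that the entries selected for Fix Checked are absent from a later log, and lists entries that appear only in the later log. The function names are hypothetical, and the sample lines are short excerpts copied from the two HijackThis logs and the fix list posted in this thread.

```python
import re
from typing import NamedTuple

# A HijackThis result line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Suffixes HijackThis prints when the referenced file cannot be found.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    code: str  # section code such as "R1", "O2", "O4"
    body: str  # everything after "<code> - "


def _key(entry: Entry) -> str:
    """Whitespace- and case-insensitive form, so pasted forum text still matches."""
    return " ".join(f"{entry.code} - {entry.body}".split()).lower()


def parse_log(text: str) -> list[Entry]:
    """Return the result entries; header and running-process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match["code"], match["body"].strip()))
    return entries


def orphaned(entries: list[Entry]) -> list[Entry]:
    """Entries whose target file is gone: a triage hint, not a verdict."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def verify_fix(before: str, after: str, checked: list[str]) -> dict[str, str]:
    """Report, per line selected for Fix Checked, whether the later log still has it."""
    before_keys = {_key(e) for e in parse_log(before)}
    after_keys = {_key(e) for e in parse_log(after)}
    report = {}
    for line in checked:
        parsed = parse_log(line)
        key = _key(parsed[0]) if parsed else None
        if key is None or key not in before_keys | after_keys:
            report[line] = "not in either log"
        elif key in after_keys:
            report[line] = "still present"
        else:
            report[line] = "removed"
    return report


def new_entries(before: str, after: str) -> list[Entry]:
    """Entries that appear only in the later log (new installs or reinfection)."""
    before_keys = {_key(e) for e in parse_log(before)}
    return [e for e in parse_log(after) if _key(e) not in before_keys]


# Excerpt of the log saved 14/11/2006 in this thread (lines not shown are omitted).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:50:55, on 14/11/2006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: palstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
"""

# Excerpt of the log saved 18/11/2006 in this thread (lines not shown are omitted).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 01:14:00, on 18/11/2006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
"""

# The five lines listed for Fix Checked in the post above.
CHECKED = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html",
    r"O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)",
    r"O4 - Global Startup: palstart.exe",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present",
    r"O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB",
]

if __name__ == "__main__":
    for line, status in verify_fix(BEFORE_LOG, AFTER_LOG, CHECKED).items():
        print(f"{status:>17}  {line}")
    for entry in new_entries(BEFORE_LOG, AFTER_LOG):
        print(f"  new in later log  {entry.code} - {entry.body}")
```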

#14 maxrazor

Posted 17 November 2006 - 08:20 PM

Killbox Results


Pocket Killbox version 2.0.0.881
Running on Windows XP as XP Administrator(Administrator)
was started @ Friday, November 17, 2006, 9:05 PM

# 1 [Delete on Reboot]
Path = c:\windows\system32\rlls.dll


# 2 [Delete on Reboot]
Path = c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf


I Rebooted @ 9:08:35 PM
Killbox Closed(Exit) @ 9:08:37 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as XP Administrator(Administrator)
was started @ Friday, November 17, 2006, 9:15 PM

# 1 [Delete on Reboot]
Path = c:\windows\system32\rlls.dll


# 2 [Delete on Reboot]
Path = c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf


# 3 [Delete on Reboot]
Path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe


# 4 [Delete on Reboot]
Path = c:\windows\system32\rlls.dll


# 5 [Delete on Reboot]
Path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 9:17:40 PM
Killbox Closed(Exit) @ 9:17:47 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as XP Administrator(Administrator)
was started @ Friday, November 17, 2006, 9:31 PM


I did receive the message PendingFileRenameOperations prompt.



====================



Counterspy scan results


Spyware Scan Details
Start Date: 17/11/2006 23:24:44
End Date: 18/11/2006 00:58:00
Total Time: 1 hrs 33 mins 16 secs

Detected spyware

Paltalk Low Risk Adware more information...
Details: Paltalk is an advertising-supported instant messaging client.
Status: Deleted

Infected files detected
c:\program files\paltalk messenger\overlays\flash1.swf
c:\program files\paltalk messenger\overlays\flash2.swf
c:\program files\paltalk messenger\overlays\max1pal.swf
c:\program files\paltalk messenger\receivedfiles\brq.txt

Infected registry entries detected
HKEY_CLASSES_ROOT\PaltalkFile
HKEY_CLASSES_ROOT\PaltalkFile\DefaultIcon C:\Program Files\Paltalk Messenger\Paltalk.exe,0
HKEY_CLASSES_ROOT\PaltalkFile\Shell\Open\Command C:\Program Files\Paltalk Messenger\Paltalk.exe "%1"
HKEY_CLASSES_ROOT\.PalTalk
HKEY_CLASSES_ROOT\.PalTalk PalTalkFile
HKEY_CLASSES_ROOT\.PalTalk Content Type text/PalTalk


Hotbar Toolbar more information...
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, a which is a "skinable" browser toolbar for Internet Explorer.
Status: Deleted

Infected files detected
C:\Documents and Settings\XP Administrator\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\XP Administrator\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico


Zango.Fireworks_Extravaganza Adware Installer more information...
Status: Deleted

Infected files detected
C:\WINDOWS\system32\tcm_screen dir\expire.scf


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa
HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\BrowserSettings
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Recent File List
HKEY_CURRENT_USER\Software\Kazaa\Settings +
HKEY_CURRENT_USER\Software\Kazaa\Settings Date
HKEY_CURRENT_USER\Software\Kazaa\Settings UseCount 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer +
HKEY_CURRENT_USER\Software\Kazaa\Transfer NoUploadLimitWhenIdle 1
HKEY_CURRENT_USER\Software\Kazaa Tmp 0


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}


Morpheus P2P Program more information...
Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Morpheus
HKEY_LOCAL_MACHINE\SOFTWARE\Morpheus\SearchRecent


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\PlayGif.ocx

Infected registry entries detected
HKEY_CLASSES_ROOT\TypeLib\{E2FF4C59-7110-49DA-9D97-4868DE797B88}
HKEY_CLASSES_ROOT\TypeLib\{E2FF4C59-7110-49DA-9D97-4868DE797B88}\1.0\0\win32 C:\WINDOWS\system32\PlayGif.ocx
HKEY_CLASSES_ROOT\TypeLib\{E2FF4C59-7110-49DA-9D97-4868DE797B88}\1.0\FLAGS 2
HKEY_CLASSES_ROOT\TypeLib\{E2FF4C59-7110-49DA-9D97-4868DE797B88}\1.0\HELPDIR C:\WINDOWS\system32
HKEY_CLASSES_ROOT\TypeLib\{E2FF4C59-7110-49DA-9D97-4868DE797B88}\1.0 PlayGif ActiveX Control module


GirlFriend RAT more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\General


Foto Trojan more information...
Details: Foto is a trojan that downloads and executes arbitrary files from a long hardcoded list of 131 URLs.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Raven Software
HKEY_CURRENT_USER\Software\Raven Software\SoF Path C:\Program Files\Raven\SOF PLATINUM
HKEY_CURRENT_USER\Software\Raven Software\SoF Folder .\Raven Software\Soldier of Fortune Platinum
HKEY_CURRENT_USER\Software\Raven Software\SoF Graphics -547295345
HKEY_CURRENT_USER\Software\Raven Software\SoF Sound 1990429844
HKEY_CURRENT_USER\Software\Raven Software\SoF Input -1642780715
HKEY_CURRENT_USER\Software\Raven Software\SoF Networking 1899689194
HKEY_CURRENT_USER\Software\Raven Software\SoF Performance -501686888
HKEY_CURRENT_USER\Software\Raven Software\SoF Server


BlockChecker Adware (General) more information...
Details: BlockChecker is a free utility designed for popular instant messaging programs to see if a buddy has you blocked.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List %windir%\system32\ccapp.exe %windir%\system32\ccapp.exe:*:Enabled:System Process


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Need2Find
HKEY_CURRENT_USER\Software\Need2Find\bar MenuExtLabel &Search
HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}
HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}\TreatAs {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} INeed2FindBarSettings
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} _INeed2FindBarSettingsEvents
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 Internet Exp1orer (Ver 1.21610)
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0\0\win32 C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0\HELPDIR C:\Program Files\Need2Find\bar\2.bin\
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0 Toolbar 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner test "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Home C:\Program Files\Altnet\Points Manager\Points Manager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Points "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Redeem "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Wallet "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 3
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Settings "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 4
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Id 4D6B84EF-16C8-4F8D-9505-63D15127B525
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pid KB
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Dir C:\Program Files\Need2Find\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ShzmCurInstall 6
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar PluginPath C:\Program Files\Need2Find\bar\2.bin\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CurInstall 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pl 9
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Build 123.43925
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CacheDir C:\Program Files\Need2Find\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Visible 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar SettingsDir C:\Program Files\Need2Find\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HTMLMenuRevision 86
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HistoryDir C:\Program Files\Need2Find\bar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigRevision 39
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigRevisionURL http://kb.barcfg.need2find.com/speedbar/my...p?s=kb&p=KB
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigDateStamp 2005071206
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Flags 530
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CfgUrl http://kb.barcfg.need2find.com/speedbar/my...p?s=kb&p=KB
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar NextConfigRequest gLtWFyq6xQE-
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar LastConfigRequest gIMJ8hC6xQE-


Starware.Toolbar Toolbar more information...
Details: Starware.Toolbar is an IE Toolbar offering Search, Weather, Reference, and other capabilities. It hijacks the IE SearchAssistant and the 404 error page to its own search site. This application can also be removed using Windows Control Panel's Add/Remove P
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\TypeLib\{C94D0190-978F-46C8-B48B-339362176ED8}
HKEY_CLASSES_ROOT\TypeLib\{C94D0190-978F-46C8-B48B-339362176ED8}\1.0\0\win32 C:\Program Files\Starware\bin\dlls\jokester.dll
HKEY_CLASSES_ROOT\TypeLib\{C94D0190-978F-46C8-B48B-339362176ED8}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{C94D0190-978F-46C8-B48B-339362176ED8}\1.0\HELPDIR C:\Program Files\Starware\bin\dlls\
HKEY_CLASSES_ROOT\TypeLib\{C94D0190-978F-46C8-B48B-339362176ED8}\1.0 jokester 1.0 Type Library


Maxifiles Adware (General) more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\IDL
HKEY_CURRENT_USER\Software\IDL remove yes


AdPerform Browser Plug-in more information...
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}
HKEY_CLASSES_ROOT\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\ProgID PrintView.PrintViewBar.1
HKEY_CLASSES_ROOT\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\TypeLib {24723349-C5C0-44c2-837D-84250E6B2A12}
HKEY_CLASSES_ROOT\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\Version 0.2.0
HKEY_CLASSES_ROOT\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\VersionIndependentProgID PrintView.PrintViewBar
HKEY_CLASSES_ROOT\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D} PrintView
HKEY_CLASSES_ROOT\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}
HKEY_CLASSES_ROOT\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\ProgID PrintView.PrintViewBarH.1
HKEY_CLASSES_ROOT\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\TypeLib {24723349-C5C0-44c2-837D-84250E6B2A12}
HKEY_CLASSES_ROOT\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\Version 0.2.0
HKEY_CLASSES_ROOT\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\VersionIndependentProgID PrintView.PrintViewBarH
HKEY_CLASSES_ROOT\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C} PrintView


Cookie: ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@ad.yieldmanager[2].txt


Cookie: ABetterInternet.Aurora Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@a[1].txt


Cookie: BurstNet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@burstnet[1].txt


Cookie: dedmazai.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@cgi-bin[1].txt
c:\documents and settings\xp administrator\cookies\xp administrator@cgi-bin[2].txt
c:\documents and settings\xp administrator\cookies\xp administrator@cgi-bin[3].txt


Cookie: DealTime Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@dealtime[1].txt


Cookie: DriveCleaner Cookie (General) more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@drivecleaner[1].txt


Cookie: GeoCities Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@geocities[1].txt


Cookie: ICOO Loader Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@icoonet[2].txt


Cookie: IndexTools.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@indextools[2].txt


Cookie: Desktop Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@list[1].txt


Cookie: RealMedia.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@realmedia[1].txt


Cookie: Ajan 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\xp administrator\cookies\xp administrator@xiti[1].txt



====================



Hijack This Log



Logfile of HijackThis v1.99.1
Scan saved at 01:14:00, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\CounterSpy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\XP Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.psystation.net/index.php
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\WINDOWS\config sys\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371100.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


====================

The version of Firefox I have is 1.5.

#15 Buckeye_Sam


    Malware Expert



Posted 18 November 2006 - 09:26 AM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)



Delete these folders, if present.

C:\Program Files\Common Files\Paltalk
C:\Program Files\Paltalk Messenger



Let's check some settings in Firefox.
Click Tools -> Options
Select the General tab and then click Connection Settings
You should have selected "Direct Connection to the Internet".


Have you recently installed any new extensions for Firefox?
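The selection made in the reply above (the two Paltalk entries, one of them marked "(file missing)") can be reproduced by parsing the log. This is an added example, not part of the original posts and not HijackThis's own code; the sample lines are copied from the log in this thread, and the function names and section descriptions are assumptions made for illustration.

```python
import re

# Short descriptions of the HijackThis section codes seen in this log (illustrative wording).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart (Run key / Startup folder)",
    "O9": "extra IE button or Tools menu item", "O16": "ActiveX (Downloaded Program Files)",
    "O18": "extra protocol handler", "O20": "Winlogon Notify",
    "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines copied from the log posted in this thread (one process line, seven entries).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.psystation.net/index.php
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

def parse_log(text):
    """Return one dict per 'CODE - ...' entry; process paths and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("body"))
        entries.append({
            "code": m.group("code"),
            "section": SECTIONS.get(m.group("code"), "unknown"),
            "clsid": clsid.group(0) if clsid else None,
            "file_missing": line.endswith("(file missing)"),
            "line": line,
        })
    return entries

def select(entries, keyword):
    """Entries mentioning a product name, case-insensitively (e.g. 'paltalk')."""
    return [e for e in entries if keyword.lower() in e["line"].lower()]

def orphaned(entries):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [e for e in entries if e["file_missing"]]

if __name__ == "__main__":
    for e in select(parse_log(SAMPLE_LOG), "paltalk"):
        print(e["code"], e["section"], e["clsid"], "missing" if e["file_missing"] else "present")
```

"(file missing)" only means HijackThis could not find the referenced file, so the `orphaned` list is a set of cleanup candidates to review, not a verdict on any entry.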

