
Regedit, Internet Explorer Closes After 1 Second


29 replies to this topic

#1 goggy


Posted 31 December 2006 - 02:16 PM

Regedit, crapcleaner, internet explorer closes right after opening. I am able to run Opera, but if I go to any type of help site it also closes. I need to power down to reboot.
Following the instructions from here:

ran adaware
ran spybot s&d
ran trendmicro housecall
it found: tspy_analogxproxy
adware_abetterinternet
troj_generic
troj_generic.z
updated and ran my antivirus (Avira)
ran Mcafee Stinger.
cleaned tempfiles

problem still exists.

here is my Hijack log, please let me know what to do next:

Logfile of HijackThis v1.99.1
Scan saved at 1:55:05 PM, on 12/31/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Admin\My Documents\1\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Startup: swg.lnk = C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: DigiChat Applet - http://host7.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123541348431
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.paltalk.com/webclient_prod...ebclientctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnM...pDownloader.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


 


#2 MFDnSC


Posted 31 December 2006 - 05:51 PM

1. Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

=======================
Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 goggy


Posted 31 December 2006 - 07:29 PM

OK here are the combofix and new hijack logs. I could not install superantispyware. I get this message: The windows installer service could not be accessed.
This can occur if you are running windows in safe mode,
or if the windows installer is not correctly installed. contact
your support personnel for assistance.

The virus would not let me install it in regular mode. It would close it before I could get through any prompts. I tried a couple times and it closed it almost right away.

Here are the logs:
Admin - 06-12-31 18:38:02.83 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Admin\My Documents\1"

((((((((((((((((((((((((((((((( Files Created from 2006-11-31 to 2006-12-31 ))))))))))))))))))))))))))))))))))


2006-12-31 13:56 dr-h----- C:\Documents and Settings\Admin\Recent
2006-12-31 10:29 d-------- C:\Documents and Settings\Admin\.housecall6.6
2006-12-30 22:38 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-12-30 17:53 d-------- C:\sizer
2006-12-30 17:17 d-------- C:\Program Files\Easy SpyRemover
2006-12-30 17:10 d-------- C:\Documents and Settings\Admin\Application Data\Uniblue
2006-12-30 16:32 122,880 --a------ C:\f-bagle.exe
2006-12-30 08:23 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2006-12-30 08:21 d-------- C:\Program Files\Media Player Classic
2006-12-30 08:21 d-------- C:\Documents and Settings\All Users\Application Data\Real
2006-12-30 08:21 d-------- C:\Documents and Settings\Admin\Application Data\Real
2006-12-28 08:39 d-------- C:\Documents and Settings\Admin\Application Data\Canon
2006-12-27 14:32 d-------- C:\Documents and Settings\Admin\Application Data\DivX
2006-12-27 14:28 d-------- C:\Documents and Settings\Admin\.drdivx2
2006-12-27 14:26 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-12-27 14:26 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-25 19:28 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2006-12-25 19:08 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-12-25 19:08 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-12-25 18:57 d-------- C:\Program Files\Canon
2006-12-24 08:25 d-------- C:\Documents and Settings\Admin\Application Data\GetRightToGo
2006-12-23 16:04 d-------- C:\Documents and Settings\Admin\Application Data\Imagenomic
2006-12-23 08:31 227,840 --a------ C:\WINDOWS\system32\Deco_32.dll
2006-12-23 08:31 d-------- C:\Program Files\Common Files\onOne Software Shared
2006-12-19 09:03 d-------- C:\Documents and Settings\Admin\Application Data\ZoomBrowser EX
2006-12-19 08:58 d-------- C:\Program Files\Common Files\Canon
2006-12-19 08:19 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2006-12-19 08:18 d-------- C:\Program Files\ACD Systems
2006-12-15 16:42 d-------- C:\Autostitch
2006-12-12 11:30 520,192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-12-12 11:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-12 11:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-12 11:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-12 11:25 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 11:25 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-12 11:25 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-12 11:25 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-12 11:25 635,486 --a------ C:\WINDOWS\system32\DivX.dll
2006-12-12 11:25 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-12-12 11:25 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-12 11:25 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-12-12 11:25 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-12 11:25 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-12 11:25 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-12 11:25 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-12 11:24 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-12-12 11:24 118,784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-12-07 18:45 d-------- C:\Program Files\Google
2006-12-07 18:45 d-------- C:\Documents and Settings\All Users\Application Data\Google
2006-12-02 13:15 d-------- C:\Documents and Settings\Admin\Application Data\Alien Skin


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-31 10:32 -------- d-------- C:\Program Files\Internet Explorer
2006-12-31 09:25 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-30 21:38 -------- d-------- C:\Program Files\Windows Media Player
2006-12-30 10:06 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-12-30 09:49 -------- d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2006-12-29 09:04 -------- d-------- C:\Program Files\YD
2006-12-28 20:41 -------- d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2006-12-28 19:41 -------- d-------- C:\Program Files\FlashGet
2006-12-28 09:14 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-27 18:32 -------- d-------- C:\Program Files\Drawing for Children the kids pics
2006-12-27 15:45 -------- d-------- C:\Program Files\IsoBuster
2006-12-27 14:03 553 --a------ C:\Documents and Settings\Admin\Application Data\AutoGK.ini
2006-12-24 08:27 -------- d-------- C:\Program Files\IrfanView
2006-12-23 13:57 -------- d-------- C:\Program Files\Adobe
2006-12-23 08:31 -------- d-------- C:\Program Files\Common Files
2006-12-22 14:43 -------- d-------- C:\Program Files\PopTray
2006-12-21 19:15 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-12-21 11:08 -------- d-------- C:\Program Files\Yahoo!
2006-12-20 13:20 -------- d-------- C:\Program Files\Opera
2006-12-19 10:42 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-12-19 08:19 -------- d-------- C:\Program Files\Common Files\ACD Systems
2006-12-16 07:37 -------- d-------- C:\Documents and Settings\Admin\Application Data\Google
2006-12-13 19:00 -------- d-------- C:\Program Files\Outlook Express
2006-12-13 18:08 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-12-13 18:08 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-11-25 09:45 4001792 --a------ C:\WINDOWS\system32\qt-mt333.dll
2006-11-25 07:52 -------- d-------- C:\Program Files\AutoIt3
2006-11-22 15:56 -------- d-------- C:\Program Files\Sierra On-Line
2006-11-22 10:55 -------- d-------- C:\Program Files\yBook
2006-11-17 19:37 -------- d-------- C:\Program Files\KeyNote
2006-10-22 11:01 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-22 11:01 249856 --------- C:\WINDOWS\Setup1.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Cacheman"="C:\\PROGRA~1\\Cacheman\\Cacheman.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Easy SpyRemover"="C:\\Program Files\\Easy SpyRemover\\EasySpyRemover.exe /smart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c4,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,60,03,00,00,42,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,60,03,00,00,42,03,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=hex:00,00,00,00
"NoSaveSettings"=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:01,00,00,00
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="services"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\inet10079\\services.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-31 18:40:37.23
C:\ComboFix.txt ... 06-12-31 18:40


Logfile of HijackThis v1.99.1
Scan saved at 6:56:18 PM, on 12/31/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Admin\My Documents\1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Startup: swg.lnk = C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: DigiChat Applet - http://host7.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123541348431
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.paltalk.com/webclient_prod...ebclientctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnM...pDownloader.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#4 MFDnSC


Posted 31 December 2006 - 07:40 PM

Delete this folder

C:\WINDOWS\inet10079
=============
http://support.microsoft.com/kb/315346
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
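
Added example (not part of the original thread and not any poster's code): the "Reg Loading Points" section of the ComboFix log in post #3 lists a startup command pointing at C:\WINDOWS\inet10079\services.exe, a core Windows process name in a folder where that binary does not normally live. The Python sketch below parses that registry-export format and flags such entries; the EXPECTED_DIR table, the function names and the assumption that Windows is installed in C:\WINDOWS are illustrative.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the log on this page.
SYSTEM32 = r"c:\windows\system32"
# Illustrative (not exhaustive) map of core process names to their normal folder.
EXPECTED_DIR = {
    "services.exe": SYSTEM32, "svchost.exe": SYSTEM32, "lsass.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32, "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "ctfmon.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VAL_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)

# Excerpt of the "Reg Loading Points" section posted in reply #3 of this thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Easy SpyRemover"="C:\\Program Files\\Easy SpyRemover\\EasySpyRemover.exe /smart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="services"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\inet10079\\services.exe"
"inimapping"="1"
'''


def unescape(value):
    """Undo .reg string escaping (doubled backslashes, backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_reg_export(text):
    """Yield (key, value_name, string_data) for every string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)  # dword: and hex: values do not match and are skipped
        if m and key:
            yield key, unescape(m.group("name")), unescape(m.group("data"))


def exe_path(command):
    """Return the executable part of a startup command, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def find_masquerades(text):
    """Flag values that launch a core-process file name from an unexpected folder."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if not re.match(r'^"?[A-Za-z]:\\', data):
            continue  # not a drive-letter path, so not a launch command
        path = ntpath.normpath(exe_path(data))
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected:
            findings.append((key, name, path))
    return findings


if __name__ == "__main__":
    for key, name, path in find_masquerades(SAMPLE):
        print(f"SUSPICIOUS {path}\n  value {name!r} under [{key}]")
```

A name-and-folder check like this only surfaces candidates for review; a flagged path still needs to be confirmed before anything is deleted.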

#5 goggy


Posted 31 December 2006 - 08:05 PM

Delete this folder

C:\WINDOWS\inet10079
=============
http://support.microsoft.com/kb/315346



That folder does not exist. I did remove that line from the registry.

#6 MFDnSC


Posted 31 December 2006 - 08:10 PM

Did you follow that link to MS for the installer problem?
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 goggy


Posted 31 December 2006 - 09:23 PM

Did you follow that link to MS for the installer problem


OK ran thru the instructions from MS for the installer problem. Now, still in safe mode when I try to install superantispyware, I get this message:

"Corrupt installation detected, check source media or re-download."

I re-downloaded and tried again with the same message.

Should I be in safe mode?

#8 MFDnSC


Posted 31 December 2006 - 10:00 PM

No, do it in normal mode.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 goggy


Posted 31 December 2006 - 10:26 PM

No do it in normal mode


No good, still get the "Corrupt installation detected, check source media or re-download."
message.

#10 MFDnSC


Posted 31 December 2006 - 10:44 PM

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 goggy

Posted 01 January 2007 - 12:32 AM

First off Happy New Year, and thank you for helping me......

AVG Anti-Spyware found a few tracking cookies.
Here are the latest reports. The problem still exists.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:14:30 AM 1/1/2007

+ Scan result:





::Report end

Logfile of HijackThis v1.99.1
Scan saved at 12:22:06 AM, on 1/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PopTray\PopTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Documents and Settings\Admin\My Documents\1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Startup: swg.lnk = C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: DigiChat Applet - http://host7.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123541348431
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.paltalk.com/webclient_prod...ebclientctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnM...pDownloader.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\System32\msiexec.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#12 MFDnSC


Posted 01 January 2007 - 09:16 AM

http://www.pandasoftware.com/products/activescan.htm

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 goggy


Posted 01 January 2007 - 10:49 AM

http://www.pandasoftware.com/products/activescan.htm

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Running pandasoftware now, but only in safe mode. Virus will not let me run it in regular mode, the window just closes...

#14 goggy


Posted 01 January 2007 - 12:15 PM

http://www.pandasoftware.com/products/activescan.htm

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

OK, it found something and says it disinfected it.
Here is the report:

| Incident | Status | Location |
| --- | --- | --- |
| Adware:adware/dloader | Not disinfected | c:\windows\system32\intronsad.exe |
| Virus:trj/qhost.gen | Disinfected | Operating system |
| Spyware:Cookie/MediaTickets | Not disinfected | C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\phka1fbp.default\cookies.bk0[.kinghost.com/] |
| Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\Admin\Cookies\admin@2o7[2].txt |
| Spyware:Cookie/Azjmp | Not disinfected | C:\Documents and Settings\Alyssa\Cookies\alyssa@azjmp[1].txt |
| Spyware:Cookie/Cgi-bin | Not disinfected | C:\Documents and Settings\Alyssa\Cookies\alyssa@cgi-bin[1].txt |
| Spyware:Cookie/360i | Not disinfected | C:\Documents and Settings\Alyssa\Cookies\alyssa@ct.360i[1].txt |
| Spyware:Cookie/Belnk | Not disinfected | C:\Documents and Settings\Alyssa\Cookies\alyssa@dist.belnk[2].txt |
| Spyware:Cookie/Go | Not disinfected | C:\Documents and Settings\Alyssa\Cookies\alyssa@go[1].txt |
| Spyware:Cookie/Searchportal | Not disinfected | C:\Documents and Settings\Alyssa\Cookies\alyssa@searchportal.information[2].txt |
| Spyware:Cookie/Target | Not disinfected | C:\Documents and Settings\Alyssa\Cookies\alyssa@target[2].txt |

#15 MFDnSC


Posted 01 January 2007 - 12:25 PM

Delete this file: c:\windows\system32\intronsad.exe
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



