
Help!


7 replies to this topic

#1 sonixevo

  • Members
  • 11 posts

Posted 16 March 2007 - 07:09 AM

Hello, could someone help to review this log? I'm having popups for both IE and FF, and some ipwins.exe thing which can't seem to be removed from control panel. And my messenger suddenly stopped working...

Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:03:55 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}\Update.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\yeo's\Desktop\Shang Long\Hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{F41B5959-06A5-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{F41B5959-06A4-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A4-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146382761165
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


#2 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 16 March 2007 - 07:26 AM

Welcome to the BleepingComputer HijackThis forum, sonixevo.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

****************************

Download LSPFix from:
http://www.bleepingcomputer.com/files/spyware/lspfix.zip
Once LSP-Fix is downloaded, extract it to your desktop.
Close all windows on your computer.
Launch/start lspfix.
Put a checkmark in the 'I know what I'm doing' checkbox.
Now move any instances of "WebHancer" into the remove box using the >> button.
Press the finish button.
Then reboot.

****************************

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 – Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

***************************

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply. Also post the Smitfraudfix report and a new Hijackthis log please.

#3 sonixevo


Posted 16 March 2007 - 08:21 PM

Hello, thanks for your quick reply! There doesn't seem to be any webhancer to be removed when I run the LSPFix. Here are the logs below:

SmitFraudFix v2.148

Scan done at 8:58:46.32, Sat 03/17/2007
Run from C:\Documents and Settings\yeo's\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\svchosts.exe FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yeo's


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yeo's\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\yeo's\STARTM~1\Programs\Startup\.protected FOUND !
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url FOUND !
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Programs\Startup\.protected FOUND !


SDFix: Version 1.73

Run by yeo's - Sat 03/17/2007 - 9:04:36.46

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\yeo's\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272

COM+ Messages Deleted



Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\svchosts.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Electric Rain\\Swift 3D\\Version 4.50\\Program\\Swift3D.exe"="C:\\Program Files\\Electric Rain\\Swift 3D\\Version 4.50\\Program\\Swift3D.exe:*:Enabled:Swift 3D"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Warcraft III\\ftinst.tmp\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\ftinst.tmp\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\yeo's\Desktop\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Documents and Settings\Yeo\Local Settings\Application Data\Microsoft\Messenger\yeoshanglong@Hotmail.com\SharingMetadata\Working\FileIDTable_2
C:\Documents and Settings\Yeo\Local Settings\Application Data\Microsoft\Messenger\yeoshanglong@Hotmail.com\SharingMetadata\Working\SimilarityTable_2
C:\Documents and Settings\Yeo\NetHood\nres2 on schdnaweb.schooldna.com\Desktop.ini
C:\Documents and Settings\Yeo\NetHood\nres4 on schdnaweb.schooldna.com\Desktop.ini
C:\Documents and Settings\Yeo\NetHood\nres4 on web.lead.com.sg\Desktop.ini
C:\Documents and Settings\Yeo\NetHood\sonixevo.bizhat.com\Desktop.ini
C:\Documents and Settings\Yeo\Application Data\Microsoft\Templates\~WRL3449.tmp
C:\Documents and Settings\Yeo\Application Data\Microsoft\Word\~WRL1286.tmp
C:\Documents and Settings\Yeo\Application Data\Microsoft\Word\~WRL2665.tmp
C:\Documents and Settings\Yeo\Application Data\Microsoft\Word\~WRL3183.tmp
C:\Documents and Settings\Yeo\Application Data\Microsoft\Word\~WRL3355.tmp
C:\Documents and Settings\Yeo\Application Data\Microsoft\Word\~WRL4100.tmp
C:\Documents and Settings\yeo's\Desktop\P3 Ex\~WRL0003.tmp
C:\Documents and Settings\yeo's\Desktop\P5 Ex\~WRL0003.tmp
C:\Documents and Settings\yeo's\Desktop\Shang Long\School Stuff\KI\Assignments\~WRL0003.tmp
C:\Documents and Settings\yeo's\Desktop\Shang Long\School Stuff\KI\Assignments\~WRL1153.tmp
C:\Documents and Settings\yeo's\Desktop\Shang Long\School Stuff\KI\Assignments\~WRL2888.tmp
C:\Yeo - 03 - 06 files\~WRL0002.tmp
C:\Yeo - 03 - 06 files\~WRL0003.tmp
C:\Yeo - 03 - 06 files\~WRL0005.tmp
C:\Yeo - 03 - 06 files\~WRL0419.tmp
C:\Yeo - 03 - 06 files\~WRL0618.tmp
C:\Yeo - 03 - 06 files\~WRL0779.tmp
C:\Yeo - 03 - 06 files\~WRL2296.tmp
C:\Yeo - 03 - 06 files\~WRL2514.tmp
C:\Yeo - 03 - 06 files\~WRL2818.tmp
C:\Yeo - 03 - 06 files\~WRL2902.tmp
C:\Yeo - 03 - 06 files\~WRL3019.tmp
C:\Yeo - 03 - 06 files\~WRL3931.tmp
C:\Yeo - 03 - 06 files\Chang Long\school stuff\history\~WRL0003.tmp
C:\Yeo - 03 - 06 files\Chang Long\school stuff\IP\~WRL0005.tmp
C:\Yeo - 03 - 06 files\Chang Long\school stuff\IP\~WRL0368.tmp
C:\Yeo - 03 - 06 files\Chang Long\school stuff\IP\~WRL0514.tmp
C:\Yeo - 03 - 06 files\Chang Long\school stuff\IP\~WRL0642.tmp
C:\Yeo - 03 - 06 files\Chang Long\school stuff\IP\~WRL2178.tmp
C:\Yeo - 03 - 06 files\Chang Long\school stuff\IP\~WRL2871.tmp

Finished

Logfile of HijackThis v1.99.1
Scan saved at 9:18:02 AM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}\Update.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\yeo's\Desktop\Shang Long\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{F41B5959-06A5-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{F41B5959-06A4-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A4-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146382761165
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

#4 RichieUK


Posted 16 March 2007 - 08:53 PM

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the smitfraudfix report, and a new Hijack This log into your next reply.

#5 sonixevo


Posted 17 March 2007 - 04:27 AM

Hello, here's the smit and hijackthis reports. Heh the frequent popups are gone! But now there are random, but much less frequent ones...

SmitFraudFix v2.148

Scan done at 14:29:03.81, Sat 03/17/2007
Run from C:\Documents and Settings\yeo's\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Logfile of HijackThis v1.99.1
Scan saved at 5:25:31 PM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}\Update.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\yeo's\Desktop\Shang Long\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{F41B5959-06A5-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{F41B5959-06A4-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A4-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146382761165
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
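
Added example, not part of any post in this thread: a small triage pass over HijackThis log lines that marks the patterns visible in the logs above (entries ending in "(file missing)", GUID-named Run values, and an executable name one character away from a core Windows process name, as with svchosts.exe). The function names, reason labels and the CORE_NAMES list are assumptions made for this sketch; the sample lines are copied from the first log in the thread.

```python
import re

# Assumed short list of core Windows process names to compare against.
CORE_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
              "explorer.exe", "spoolsv.exe", "smss.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # e.g. "O4 - ..."
GUID_RUN_RE = re.compile(r"Run: \[\{[0-9A-Fa-f-]{36}\}\]")   # value named by a GUID
EXE_RE = re.compile(r'[^\\/:"\s\[\]]+\.exe', re.IGNORECASE)  # bare executable names
PATH_RE = re.compile(r"^[A-Za-z]:\\")                        # running-process line

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\NavNT\rtvscan.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [{F41B5959-06A5-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
"""


def one_edit_apart(a, b):
    """True if a != b and a single insert, delete or substitution maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # a is now the shorter or equal-length one
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one extra character in b


def triage(log_text):
    """Return (line, reasons) for every log line that matches a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        entry = ENTRY_RE.match(line)
        if entry:
            if line.endswith("(file missing)"):
                reasons.append("file-missing")
            if entry.group(1) == "O4" and GUID_RUN_RE.search(line):
                reasons.append("guid-named-run-value")
        elif not PATH_RE.match(line):
            continue                     # header text, not a process or entry
        for exe in EXE_RE.findall(line):
            name = exe.lower()
            if any(one_edit_apart(name, core) for core in CORE_NAMES):
                reasons.append("lookalike:" + name)
                break
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "|", line)
```

The flags are leads for a human reviewer, not verdicts: the ASP.NET State Service line is marked file-missing as well, and a missing file on its own does not show an infection.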

#6 RichieUK


Posted 17 March 2007 - 05:53 AM

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*******************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following [if still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [{F41B5959-06A5-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [{F41B5959-06A4-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A4-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


Find and delete:
C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}
C:\Program Files\Common Files\{F41B5959-06A4-1033-0104-060715050001}
C:\Program Files\Ipwindows

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

********************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.

Post the AVG Anti-Spyware report, the BitDefender Online Scanner log, and a new HijackThis log into your next reply.
Let me know how your pc is running now please.
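The entries listed for fixing in the post above follow HijackThis's `code - kind: detail` line format, which can be parsed for a first triage pass. This is an added example, not part of the thread or of HijackThis itself; the sample lines are copied from the logs posted in this thread, and the three hint rules and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [{F41B5959-06A5-1033-0104-060715050001}] "C:\Program Files\Common Files\{F41B5959-06A5-1033-0104-060715050001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
"""

# "O4 - HKLM\..\Run: [name] command" -> code, kind, detail.
# Lines without this shape (headers, running processes) are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
GUID_DIR_RE = re.compile(r"\\" + GUID + r"\\")    # a folder whose name is a bare GUID
GUID_VALUE_RE = re.compile(r"\[" + GUID + r"\]")  # a Run value whose name is a bare GUID


@dataclass
class Entry:
    code: str    # section code, e.g. "O4"
    kind: str    # e.g. "BHO", "Service", "Winlogon Notify"
    detail: str  # everything after "kind: "
    hints: list = field(default_factory=list)


def parse_entries(log_text):
    """Return every 'code - kind: detail' line of a HijackThis log as an Entry."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["kind"], m["detail"]))
    return entries


def triage(log_text):
    """Attach review hints (assumed rules, not verdicts) and return flagged entries."""
    flagged = []
    for e in parse_entries(log_text):
        if e.detail.endswith("(file missing)"):
            e.hints.append("target file missing")
        if GUID_DIR_RE.search(e.detail):
            e.hints.append("runs from GUID-named folder")
        if e.code == "O4" and GUID_VALUE_RE.match(e.detail):
            e.hints.append("GUID used as Run value name")
        if e.hints:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.code:<4}{entry.kind:<18}{', '.join(entry.hints)}")
        print(f"    {entry.detail}")
```

The hints only narrow what to review: the `aspnet_state` service is flagged as file missing although it is not in the fix list above, and the `IpWins` Run entry, which is in that list, matches none of the rules.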

#7 sonixevo

Posted 18 March 2007 - 12:10 AM

Hello, thanks a lot! Heh, all the popups are gone now. Thank you so much, here are the reports:

Logfile of HijackThis v1.99.1
Scan saved at 1:04:56 PM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\yeo's\Desktop\Shang Long\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146382761165
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:55:12 PM 3/18/2007

+ Scan result:



HKU\S-1-5-21-1993962763-1958367476-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\ipwins\ipwins.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP108\A0082518.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP108\A0082519.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP109\A0084654.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP109\A0084655.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP109\A0084668.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP109\A0084669.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\webHancer -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs\whAgent.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP107\A0082509.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP107\A0082511.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP96\A0080512.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP96\A0080514.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP97\A0080537.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP97\snapshot\MFEX-2.DAT -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\yeo's\Desktop\SDFix\SDFix\backups\backups.zip/backups/svchosts.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP108\A0082555.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP108\A0082559.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP81\A0072143.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP81\A0072144.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\Program Files\ipwins\Services.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
C:\Program Files\ipwins\Uninst.exe -> Dropper.DollarR.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{17719D58-321D-4D12-B8D9-3E2D9B5BABB6}\RP109\A0083603.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.153:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.153:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.154:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.154:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.484:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.484:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.603:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.176:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.177:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.178:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.179:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.180:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.27:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.28:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.684:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.684:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.685:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.685:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.964:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.296:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.297:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.298:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.307:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.307:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.332:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.332:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.349:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.350:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.463:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.573:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.573:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.696:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.696:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.697:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.697:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.698:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.698:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.699:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.699:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.751:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.812:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.812:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.813:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.813:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.944:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.944:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.945:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.945:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.296:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.296:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.680:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.680:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.829:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.487:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.488:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.213:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.213:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.569:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.569:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.236:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.236:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.496:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.960:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.960:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.961:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.961:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.534:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.536:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.537:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.958:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.103:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.217:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.217:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.408:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.408:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.409:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.409:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.410:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.410:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.411:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.411:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.592:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.593:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.594:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.595:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.78:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.78:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.92:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.93:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.94:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.95:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.100:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.100:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.529:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.530:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.531:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.387:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.387:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.828:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.624:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.629:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.630:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.631:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.632:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.633:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.634:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.635:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.636:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.637:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.238:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.239:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.240:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.241:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.242:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.243:C:\Documents and Settings\yeo's\Application Data\Mozilla\Firefox\Profiles\mx3s4d5a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.83:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.83:C:\Documents and Settings\Yeo\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.84:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox\Profiles\vya70hwj.sl\cookies.t

#8 RichieUK


Posted 18 March 2007 - 05:13 AM

Your log is clean :thumbsup:
If all's ok, please do the following:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

Read through the information found here, to help you prevent any possible future infections.
Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
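
A check for the out-of-date Java condition noted in the reply above, as an added example that is not part of the original post: it scans HijackThis-style log text for Sun Java install directories and lists the versions older than the JRE 6.0 recommended there. The sample log is constructed (only the `jre1.5.0_03` path comes from the log posted in this topic), and the function names are illustrative.

```python
import re

# Baseline from the reply above: JRE 6.0, whose internal version number is 1.6.0.
BASELINE = (1, 6, 0, 0)

# Sun Java install directories look like jre1.5.0_03, j2re1.4.2_08 or jdk1.6.0_01.
# The leading and trailing backslashes keep the match to a whole path component.
JAVA_DIR = re.compile(
    r"\\(?:jre|j2re|jdk|j2sdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE
)

# Constructed sample in HijackThis log format. Only the first path appears in
# the log posted in this topic; the remaining lines are made up for the example.
SAMPLE_LOG = r"""
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\NavNT\vptray.exe
""".strip()


def java_versions(log_text):
    """Map each Java version found in the log to the line numbers that mention it."""
    found = {}
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for match in JAVA_DIR.finditer(line):
            # A missing update suffix (plain jre1.6.0) counts as update 0.
            version = tuple(int(group or 0) for group in match.groups())
            found.setdefault(version, []).append(lineno)
    return found


def format_version(version):
    """Render (1, 5, 0, 3) back into Sun's 1.5.0_03 notation."""
    major, minor, patch, update = version
    text = f"{major}.{minor}.{patch}"
    return f"{text}_{update:02d}" if update else text


def outdated_java(log_text, baseline=BASELINE):
    """Return the Java versions older than the baseline, oldest first."""
    return [
        format_version(version)
        for version in sorted(java_versions(log_text))
        if version < baseline
    ]


if __name__ == "__main__":
    versions = java_versions(SAMPLE_LOG)
    for version in sorted(versions):
        status = "OUTDATED" if version < BASELINE else "ok"
        lines = ", ".join(str(n) for n in versions[version])
        print(f"{format_version(version):10} {status:9} log line(s): {lines}")
```

A directory name in a log only shows that the version is still installed or referenced; removal itself goes through Add/Remove Programs as in the steps above.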