Post by: kirkland on February 08, 2007, 11:27:47 PM
I have been searching all over to find out what virus is running on my computer, i finally stumbled upon your site.
Computer Symptoms:
Upon Startup i am prompted with a window that says was unable to establish connection to the internet. work offline or try again. Not sure what program is causing this. If i select work offline the message keeps appearing.
Working on Mozilla new tabs will open teeling me to buy anti-virus software.
When entering safe mode windows doesnt fully load and i am only able to control things through task manager.
Any advise would be greatly appreciated.
Cheers,
Kirkland
I have downloaded hijackthis on after running the scan i get this log file:
Logfile of HijackThis v1.99.1
Scan saved at 2:59:39 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kirkland\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uxvqgamo.dll",setvm
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125762484531 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125762484531\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128563430656 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128563430656\")
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Post by: guestolo on February 11, 2007, 02:11:52 PM
If you still need a hand, can you do the following please
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Also, Download the latest version of [color=\"red\"]SmitfraudFix[/color] (http://\"http://siri.urz.free.fr/Fix/SmitfraudFix.zip\")[/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Can you post back all the following please
1. Post the log from Smitfraudfix>>by default it will be located here C:\Rapport.txt
2. Post the log from Combofix>>C:\Combofix.txt
3. Post a fresh hijackthis log
Post by: kirkland on February 11, 2007, 09:17:13 PM
ComboFix Log
"kirkland" - 07-02-12 12:03:15 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\kirkland\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\kirkland\Application Data\Install.dat
C:\Program Files\Common Files\{28A3E~1
C:\Program Files\VSAdd-in
C:\WINDOWS\system32\components
((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))
2007-02-09 14:57 <DIR> d-------- C:\HJT
2007-02-09 13:31 76,412 --a------ C:\WINDOWS\system32\joxykwwi.dll
2007-02-09 13:30 <DIR> d-------- C:\bintheredunthat
2007-02-09 13:26 713,391 ---hs---- C:\WINDOWS\system32\egjlm.ini2
2007-02-09 12:31 <DIR> d-------- C:\BFU
2007-02-09 12:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-09 12:29 <DIR> d-------- C:\Program Files\Grisoft
2007-02-06 13:10 <DIR> d-------- C:\Program Files\True Sword 4
2007-02-06 13:10 <DIR> d-------- C:\DOCUME~1\kirkland\Application Data\.TrueSwordSettings
2007-02-06 12:32 <DIR> d-------- C:\WINDOWS\pss
2007-01-31 20:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-31 17:37 76,412 --a------ C:\WINDOWS\system32\vvdsuixl.dll
2007-01-31 17:37 44,165 --a------ C:\WINDOWS\system32\yaxydvrk.dll
2007-01-31 17:06 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-31 17:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-15 15:33 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-15 15:29 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-15 12:52 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-15 12:48 <DIR> d-------- C:\ebd0197059f4158a686a67b7
2007-01-15 10:41 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2007-01-15 10:41 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2007-01-15 10:41 <DIR> d-------- C:\Program Files\AntiVir PersonalEdition Classic
2007-01-15 10:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AntiVir PersonalEdition Classic
2007-01-12 10:44 44,060 --a------ C:\WINDOWS\system32\tbilspkc.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-12 12:06 -------- d-------- C:\Program Files\mozilla firefox
2007-02-09 13:31 498074 ---hs---- C:\WINDOWS\system32\egjlm.bak1
2007-02-09 13:30 497676 ---hs---- C:\WINDOWS\system32\egjlm.bak2
2007-02-06 13:10 -------- d-------- C:\DOCUME~1\kirkland\Application Data\.trueswordsettings
2007-02-05 15:06 -------- d-------- C:\Program Files\norton systemworks
2007-01-31 18:10 -------- d-------- C:\Program Files\mozilla thunderbird
2007-01-31 17:21 -------- d---s---- C:\DOCUME~1\kirkland\Application Data\microsoft
2007-01-18 16:13 -------- d--h----- C:\Program Files\installshield installation information
2007-01-18 16:12 -------- d-------- C:\Program Files\google
2006-12-20 14:37 -------- d-------- C:\Program Files\total video converter
2006-12-20 14:31 88340 --a------ C:\WINDOWS\system32\vtvfmhgj.exe
2006-12-20 14:31 44052 --a------ C:\WINDOWS\system32\ctgodxyq.dll
2006-12-20 14:31 118804 --a------ C:\WINDOWS\system32\uxvqgamo.dll
2006-11-27 19:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"EOUApp"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
"RemoteControl"="\"C:\\Program Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\uxvqgamo.dll\",setvm"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService REG_MULTI_SZ DnsCache
DcomLaunch REG_MULTI_SZ DcomLaunchTermService
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net (http://\"http://www.gmer.net\")
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-12 12:15:20
Rapport Log
SmitFraudFix v2.141
Scan done at 13:05:29.10, Mon 02/12/2007
Run from C:\Documents and Settings\kirkland\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ot.ico FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\kirkland
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\kirkland\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\kirkland\STARTM~1\Programs\Startup\.protected FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\kirkland\FAVORI~1
C:\DOCUME~1\kirkland\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Hijackthis Log
Logfile of HijackThis v1.99.1
Scan saved at 1:10:43 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\kirkland\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uxvqgamo.dll",setvm
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125762484531 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125762484531\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128563430656 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128563430656\")
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Post by: guestolo on February 11, 2007, 11:34:18 PM
Can you do the following please
It's possible that you are running more than one AntiVirus software
Norton's and Avira
If both are running, I suggest you uninstall one or the other
Keep the one your happiest with
Having more than one can cause system conflicts and instability
Reboot the computer afterwards
Back in Windows
Download [color=\"blue\"]VundoFix.exe[/color] (http://\"http://www.atribune.org/ccount/click.php?id=4\")
to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uxvqgamo.dll",setvm
O4 - Startup: .protected
O4 - Global Startup: .protected
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Double-click smitfraudfix.cmd
- Press any key to continue
- Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
- You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
I'll need to see these later, by default they are also saved at C:\rapport.txt
Reboot back to Normal Windows
1. Post a fresh hijackthis log
2. Post the report from Vundofix>>C:\Vundofix.txt
3. Post the report from Smitfraudfix>>C:\Rapport.txt
4. Could you also run Combofix again and post the fresh log
We'll have a bit more cleaning to do, but we should get it all next reply
NOTE: Can you please choose the ADD REPLY button when replying back to this thread, at the bottom right
That should prevent the need to quote my response
Post by: kirkland on February 12, 2007, 06:29:05 PM
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
The following file could not be found in the hijack scan.
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uxvqgamo.dll",setvm
And the the following two files could not be deleted. The message said they were protected or they were in use. It reccomended using task manager to close them but i couldn't determine which process they were related to.
O4 - Startup: .protected
O4 - Global Startup: .protected
Good news is i am no longer prompeted to connect to the internet after startup and i was able to enter safe mode. Here are the log files requested.
Cheers
Hijack This Log
Logfile of HijackThis v1.99.1
Scan saved at 10:11:45 AM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\kirkland\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3944A394-11E9-4444-9375-FA1B125BEF25} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\yaxydvrk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125762484531 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125762484531\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128563430656 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128563430656\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Rapport Log
SmitFraudFix v2.141
Scan done at 9:44:24.79, Tue 02/13/2007
Run from C:\Documents and Settings\kirkland\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\.protected Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\kirkland\STARTM~1\Programs\Startup\.protected Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected Deleted
C:\DOCUME~1\kirkland\FAVORI~1\Antivirus Test Online.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Vundo log
VundoFix V6.3.6
Checking Java version...
Java version is 1.5.0.2
Java version is 1.5.0.6
Scan started at 10:37:26 PM 2/12/2007
Listing files found while scanning....
C:\WINDOWS\system32\ctgodxyq.dll
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\omagqvxu.ini
C:\WINDOWS\system32\tbilspkc.dll
C:\WINDOWS\system32\uxvqgamo.dll
C:\WINDOWS\system32\vtvfmhgj.exe
C:\WINDOWS\system32\yaxydvrk.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ctgodxyq.dll
C:\WINDOWS\system32\ctgodxyq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\egjlm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\omagqvxu.ini
C:\WINDOWS\system32\omagqvxu.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\tbilspkc.dll
C:\WINDOWS\system32\tbilspkc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uxvqgamo.dll
C:\WINDOWS\system32\uxvqgamo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtvfmhgj.exe
C:\WINDOWS\system32\vtvfmhgj.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yaxydvrk.dll
C:\WINDOWS\system32\yaxydvrk.dll Has been deleted!
Performing Repairs to the registry.
Done!
Combo fix log
"kirkland" - 07-02-13 10:06:23 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\kirkland\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))
2007-02-12 22:37 <DIR> d-------- C:\VundoFix Backups
2007-02-12 13:06 3,396 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-09 14:57 <DIR> d-------- C:\HJT
2007-02-09 13:31 76,412 --a------ C:\WINDOWS\system32\joxykwwi.dll
2007-02-09 13:30 <DIR> d-------- C:\bintheredunthat
2007-02-09 12:31 <DIR> d-------- C:\BFU
2007-02-09 12:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-09 12:29 <DIR> d-------- C:\Program Files\Grisoft
2007-02-06 13:10 <DIR> d-------- C:\Program Files\True Sword 4
2007-02-06 13:10 <DIR> d-------- C:\DOCUME~1\kirkland\Application Data\.TrueSwordSettings
2007-02-06 12:32 <DIR> d-------- C:\WINDOWS\pss
2007-01-31 20:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-31 17:37 76,412 --a------ C:\WINDOWS\system32\vvdsuixl.dll
2007-01-31 17:06 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-31 17:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-15 15:33 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-15 15:29 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-15 12:52 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-15 12:48 <DIR> d-------- C:\ebd0197059f4158a686a67b7
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-13 10:05 -------- d-------- C:\Program Files\mozilla firefox
2007-02-12 22:37 -------- d-------- C:\Program Files\norton systemworks
2007-02-06 13:10 -------- d-------- C:\DOCUME~1\kirkland\Application Data\.trueswordsettings
2007-01-31 18:10 -------- d-------- C:\Program Files\mozilla thunderbird
2007-01-31 17:21 -------- d---s---- C:\DOCUME~1\kirkland\Application Data\microsoft
2007-01-18 16:13 -------- d--h----- C:\Program Files\installshield installation information
2007-01-18 16:12 -------- d-------- C:\Program Files\google
2006-12-20 14:37 -------- d-------- C:\Program Files\total video converter
2006-11-27 19:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"EOUApp"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
"RemoteControl"="\"C:\\Program Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService REG_MULTI_SZ DnsCache
DcomLaunch REG_MULTI_SZ DcomLaunchTermService
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net (http://\"http://www.gmer.net\")
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-13 10:08:29
C:\ComboFix2.txt ... 07-02-12 12:15
Post by: guestolo on February 12, 2007, 08:11:36 PM
C:\WINDOWS\system32\winzzd32.dll <-file
C:\WINDOWS\system32\joxykwwi.dll <-file
C:\WINDOWS\system32\vvdsuixl.dll <-file
You can also delete the following folders
C:\VundoFix Backups <-folder
C:\bintheredunthat <-folder
C:\BFU <-folder
[color=\"blue\"]Your Java Runtime Environment is out of date.[/color] Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
[color=\"blue\"]Updating Java:[/color]
- Download the latest version of Java Runtime Environment (JRE) 6 (http://\"http://java.sun.com/javase/downloads/index.jsp\").
- Scroll down to where it says "Java Runtime Enviroinment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement[/i]".
- The page will refresh.
- Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (12.6 MB).
- Close any programs you may have running - especially any web browsers.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
O2 - BHO: (no name) - {3944A394-11E9-4444-9375-FA1B125BEF25} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\yaxydvrk.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
Then from your desktop double-click on jre-6-windowsi586.exe to install the newest version of Java
Load AVG Anti-Spyware 7.5
- Click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Click on the Scanner tab at the top
- Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and
"Only if Threats are found" IS NOT selected - Click Back to the Scan tab
- Cick on Complete System Scan.
This scan can take a while to run, let it run uninterrupted
- When the scan is complete it will list any infections found on the left hand side.
- Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file (like on the Desktop).
Reboot the computer again
Come back here and post the following please
1. Post a fresh hijackthis log
2. Post the whole report from AVG
3. Could you also do the following, I just want to check on one file
I've seen it scanned before and come up clean, but that was a month ago
Go to either of these links
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
OR
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Use the browse button and navigate to the file on your harddrive
C:\WINDOWS\system32\tzchange.exe<-this file
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Post by: kirkland on February 12, 2007, 10:57:10 PM
Everythis else went well.
Hijack report
Logfile of HijackThis v1.99.1
Scan saved at 2:45:05 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\kirkland\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 (http://\"http://go.microsoft.com/fwlink/?linkid=58813\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125762484531 (http://\"http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125762484531\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128563430656 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128563430656\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
AVG Report
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:35:55 PM 2/13/2007
+ Scan result:
:mozilla.10:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.176:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.176:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.176:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.174:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.175:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.176:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.176:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.176:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.176:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.176:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.176:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.176:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.178:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.178:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.178:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.53:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.53:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.55:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Atdmt : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.136:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.136:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.141:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.141:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.64:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.65:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.66:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.67:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.67:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.67:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.67:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.67:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.67:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.67:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.67:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.68:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.68:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.68:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.30:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.30:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.32:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.227:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.227:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.149:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.149:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.151:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.151:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.151:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.75:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.75:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.172:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.131:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.131:C:&
Post by: guestolo on February 13, 2007, 01:05:10 AM
If everything is running better
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
When that's done
Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating
Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
You should give your computer a bit more protection
Install
SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
I'm not sure if you have Spybot 1.4 installed on your computer
Another great antispyware scanner
You can download it from
HERE (http://\"http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1\")
Install with default settings that are selected
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED
RESTART the computer to finish any cleaning process
In addition, utilize the Immunization feature
After every update
Click the "Immunize" button>>OK the prompt>>Immunize again at the top green cross
If there are other user profiles on the computer, have them login and enable all protections with Spywareblaster
and Immunize with Spybot after every update
Hope that helps
Post by: kirkland on February 13, 2007, 06:34:44 PM
It appears that all is running smoothly and my computer is performing like new. I realized that my version of norton does not have the antivirus components running. I guess i have to pay more to get that. Am i sufficiently covered by running spybot, AVG and antispyware blaster or are these purely anti spyware programs? I am assuming there is a difference between antivirus and antispyware? If so do you reccommend any free antivirus or do you suggest i pay for the upgaded Norton.
Again thankyou for your help. The fact you donate your time so freely is inspiring, i am donating to your nobal cause.
Cheers,
Kirkland
Post by: guestolo on February 13, 2007, 11:29:42 PM
Quote
I am assuming there is a difference between antivirus and antispyware?Yes there is
I hate to see someone with outdated Antivirus software
I'm surprised you uninstalled Avira's AntiVir if your Norton's was expired
They developed a great free product
I suggest that you uninstall Norton's>>reboot and reinstall Avira or another similiar tool
As I recommend here
http://www.thetechguide.com/forum/index.php?showtopic=15894 (http://\"http://www.thetechguide.com/forum/index.php?showtopic=15894\")
Does that help?
And by the way, thanks for the donation
Post by: kirkland on February 14, 2007, 11:26:37 PM
Thanks again for your help.
Post by: guestolo on February 15, 2007, 12:47:23 AM
Take care
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />