Topic: Tech help

kirkland
« on: February 08, 2007, 11:27:47 PM »
Hello,
 
 I have been searching all over to find out what virus is running on my computer. I finally stumbled upon your site.
 
 Computer Symptoms:
 
 Upon startup I am prompted with a window that says was unable to establish connection to the internet. Work offline or try again. Not sure what program is causing this. If I select work offline the message keeps appearing.
 
 Working on Mozilla, new tabs will open telling me to buy anti-virus software.
 
 When entering safe mode, Windows doesn't fully load and I am only able to control things through task manager.
 
 Any advice would be greatly appreciated.
 
 Cheers,
 
 Kirkland
 
 I have downloaded HijackThis and after running the scan I get this log file:
 
 Logfile of HijackThis v1.99.1
 Scan saved at 2:59:39 PM, on 2/9/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.5730.0011)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
 C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
 C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\WINDOWS\ATK0100\HControl.exe
 C:\WINDOWS\system32\hkcmd.exe
 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
 C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\Program Files\QuickTime\qttask.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\mysql\bin\mysqld-nt.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
 C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
 C:\Program Files\Google\Google Talk\googletalk.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
 C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
 C:\WINDOWS\system32\svchost.exe
 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\ATK0100\ATKOSD.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINDOWS\explorer.exe
 C:\Documents and Settings\kirkland\Desktop\HijackThis.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
 O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
 O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
 O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uxvqgamo.dll",setvm
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - Startup: .protected
 O4 - Global Startup: .protected
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125762484531
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128563430656
 O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
 O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
 O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
 O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
 O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
 O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
 O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe (file missing)
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

guestolo
« Reply #1 on: February 11, 2007, 02:11:52 PM »
Sorry for the delay kirkland
If you still need a hand, can you do the following please

Download this file - Combofix.exe and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Also, Download the latest version of SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Can you post back all the following please
1. Post the log from Smitfraudfix>>by default it will be located here C:\Rapport.txt
2. Post the log from Combofix>>C:\Combofix.txt
3. Post a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


kirkland
« Reply #2 on: February 11, 2007, 09:17:13 PM »
Thanks for the reply. Here are the log files you requested:
 
 
ComboFix Log
 
 "kirkland" - 07-02-12 12:03:15    Service Pack 2
 ComboFix 07-02-11 - Running from: "C:\Documents and Settings\kirkland\Desktop"
 
 ((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
 C:\DOCUME~1\kirkland\Application Data\Install.dat
 C:\Program Files\Common Files\{28A3E~1
 C:\Program Files\VSAdd-in
 C:\WINDOWS\system32\components
 
 
 (((((((((((((((((((((((((((((((   Files Created from 2007-01-12 to 2007-02-12  ))))))))))))))))))))))))))))))))))
 
 
 2007-02-09 14:57    <DIR>    d--------    C:\HJT
 2007-02-09 13:31    76,412    --a------    C:\WINDOWS\system32\joxykwwi.dll
 2007-02-09 13:30    <DIR>    d--------    C:\bintheredunthat
 2007-02-09 13:26    713,391    ---hs----    C:\WINDOWS\system32\egjlm.ini2
 2007-02-09 12:31    <DIR>    d--------    C:\BFU
 2007-02-09 12:29    3,968    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
 2007-02-09 12:29    <DIR>    d--------    C:\Program Files\Grisoft
 2007-02-06 13:10    <DIR>    d--------    C:\Program Files\True Sword 4
 2007-02-06 13:10    <DIR>    d--------    C:\DOCUME~1\kirkland\Application Data\.TrueSwordSettings
 2007-02-06 12:32    <DIR>    d--------    C:\WINDOWS\pss
 2007-01-31 20:58    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
 2007-01-31 17:37    76,412    --a------    C:\WINDOWS\system32\vvdsuixl.dll
 2007-01-31 17:37    44,165    --a------    C:\WINDOWS\system32\yaxydvrk.dll
 2007-01-31 17:06    <DIR>    d--------    C:\Program Files\Windows Media Connect 2
 2007-01-31 17:01    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF
 2007-01-15 15:33    <DIR>    d--h-c---    C:\WINDOWS\ie7
 2007-01-15 15:29    <DIR>    d--------    C:\WINDOWS\network diagnostic
 2007-01-15 12:52    <DIR>    d--------    C:\WINDOWS\ie7updates
 2007-01-15 12:48    <DIR>    d--------    C:\ebd0197059f4158a686a67b7
 2007-01-15 10:41    32,768    --a------    C:\WINDOWS\system32\drivers\avgntdd.sys
 2007-01-15 10:41    14,848    --a------    C:\WINDOWS\system32\drivers\avgntmgr.sys
 2007-01-15 10:41    <DIR>    d--------    C:\Program Files\AntiVir PersonalEdition Classic
 2007-01-15 10:41    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\Application Data\AntiVir PersonalEdition Classic
 2007-01-12 10:44    44,060    --a------    C:\WINDOWS\system32\tbilspkc.dll
 
 
 ((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
 2007-02-12 12:06    --------    d--------    C:\Program Files\mozilla firefox
 2007-02-09 13:31    498074    ---hs----    C:\WINDOWS\system32\egjlm.bak1
 2007-02-09 13:30    497676    ---hs----    C:\WINDOWS\system32\egjlm.bak2
 2007-02-06 13:10    --------    d--------    C:\DOCUME~1\kirkland\Application Data\.trueswordsettings
 2007-02-05 15:06    --------    d--------    C:\Program Files\norton systemworks
 2007-01-31 18:10    --------    d--------    C:\Program Files\mozilla thunderbird
 2007-01-31 17:21    --------    d---s----    C:\DOCUME~1\kirkland\Application Data\microsoft
 2007-01-18 16:13    --------    d--h-----    C:\Program Files\installshield installation information
 2007-01-18 16:12    --------    d--------    C:\Program Files\google
 2006-12-20 14:37    --------    d--------    C:\Program Files\total video converter
 2006-12-20 14:31    88340    --a------    C:\WINDOWS\system32\vtvfmhgj.exe
 2006-12-20 14:31    44052    --a------    C:\WINDOWS\system32\ctgodxyq.dll
 2006-12-20 14:31    118804    --a------    C:\WINDOWS\system32\uxvqgamo.dll
 2006-11-27 19:45    60416    ---------    C:\WINDOWS\system32\tzchange.exe
 
 
 ((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 *Note* empty entries & legit default entries are not shown
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
 "googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
 "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
 "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
 "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
 "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
 "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
 "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
 "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
 @=""
 "IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
 "EOUApp"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
 "RemoteControl"="\"C:\\Program Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe\""
 "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
 "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
 "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
 "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
 "SoundMan"="SOUNDMAN.EXE"
 "AlcWzrd"="ALCWZRD.EXE"
 "Alcmtr"="ALCMTR.EXE"
 "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
 "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
 "DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\uxvqgamo.dll\",setvm"
 "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
 "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
 "Installed"="1"
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
 "Installed"="1"
 "NoChange"="1"
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
 "Installed"="1"
     
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
 "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
 "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
 "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
 "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
 "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
 
 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
 "Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
 
 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
 "Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
 
 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge
 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32
 
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
 "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
 
 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
 HTTPFilter    REG_MULTI_SZ       HTTPFilter
 LocalService    REG_MULTI_SZ       AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
 NetworkService    REG_MULTI_SZ       DnsCache
 DcomLaunch    REG_MULTI_SZ       DcomLaunchTermService
 rpcss    REG_MULTI_SZ       RpcSs
 imgsvc    REG_MULTI_SZ       StiSvc
 termsvcs    REG_MULTI_SZ       TermService
 WudfServiceGroup    REG_MULTI_SZ       WUDFSvc
 
 
 
 Contents of the 'Scheduled Tasks' folder
 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
 C:\WINDOWS\tasks\Symantec Drmc.job
 
 
 ********************************************************************
 
 catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
 http://www.gmer.net
 
 scanning hidden processes ...
 
 scanning hidden services ...
 
 scanning hidden autostart entries ...
 
 scanning hidden files ...
 
 scan completed successfully
 hidden processes: 0
 hidden services: 0
 hidden files: 0
 
 ********************************************************************
 
 Completion time: 07-02-12 12:15:20
 
 
 Rapport Log
 
 SmitFraudFix v2.141
 
 Scan done at 13:05:29.10, Mon 02/12/2007
 Run from C:\Documents and Settings\kirkland\Desktop\SmitfraudFix
 OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
 The filesystem type is NTFS
 Fix run in normal mode
 
 »»»»»»»»»»»»»»»»»»»»»»»» hosts
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
 
 C:\WINDOWS\.protected FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
 
 C:\WINDOWS\system32\ot.ico FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\kirkland
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\kirkland\Application Data
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Start Menu
 
 C:\DOCUME~1\kirkland\STARTM~1\Programs\Startup\.protected FOUND !
 C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
 C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
 C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\kirkland\FAVORI~1
 
 C:\DOCUME~1\kirkland\FAVORI~1\Antivirus Test Online.url FOUND !
 
 »»»»»»»»»»»»»»»»»»»»»»»» Desktop
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
 "Source"="About:Home"
 "SubscribedURL"="About:Home"
 "FriendlyName"="My Current Home Page"
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
 "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
 
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
 !!!Attention, following keys are not inevitably infected!!!
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
 "AppInit_DLLs"=""
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
 !!!Attention, following keys are not inevitably infected!!!
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
 "System"=""
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» End
 
 Hijackthis Log
 
 
 Logfile of HijackThis v1.99.1
 Scan saved at 1:10:43 PM, on 2/12/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.5730.0011)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
 C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
 C:\mysql\bin\mysqld-nt.exe
 C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
 C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
 C:\WINDOWS\ATK0100\HControl.exe
 C:\WINDOWS\system32\hkcmd.exe
 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
 C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
 C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\Program Files\QuickTime\qttask.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 C:\Program Files\Google\Google Talk\googletalk.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\WINDOWS\ATK0100\ATKOSD.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINDOWS\system32\NOTEPAD.EXE
 C:\WINDOWS\notepad.exe
 C:\Documents and Settings\kirkland\Desktop\HijackThis.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
 O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
 O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
 O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uxvqgamo.dll",setvm
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - Startup: .protected
 O4 - Global Startup: .protected
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125762484531
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128563430656
 O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
 O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
 O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
 O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
 O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
 O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
 O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
 O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe (file missing)
 O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
« Last Edit: February 11, 2007, 11:10:18 PM by guestolo »

guestolo
« Reply #3 on: February 11, 2007, 11:34:18 PM »
I suspect that safe mode isn't fully loading because of Vundo infection

Can you do the following please
It's possible that you are running more than one AntiVirus software
Norton's and Avira

If both are running, I suggest you uninstall one or the other
Keep the one you're happiest with
Having more than one can cause system conflicts and instability
Reboot the computer afterwards

Back in Windows
Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files,  click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uxvqgamo.dll",setvm
O4 - Startup: .protected
O4 - Global Startup: .protected
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Open the SmitfraudFix folder you extracted to desktop earlier
  • Double-click smitfraudfix.cmd
  • Press any key to continue
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

Reboot back to Normal Windows

1. Post a fresh hijackthis log
2. Post the report from Vundofix>>C:\Vundofix.txt
3. Post the report from Smitfraudfix>>C:\Rapport.txt
4. Could you also run Combofix again and post the fresh log

We'll have a bit more cleaning to do, but we should get it all next reply

NOTE: Can you please choose the ADD REPLY button when replying back to this thread, at the bottom right
That should prevent the need to quote my response
« Last Edit: February 11, 2007, 11:35:30 PM by guestolo »



Offline kirkland

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
Tech help
« Reply #4 on: February 12, 2007, 06:29:05 PM »
Thanks for your time with this. I was able to check and remove the following entries from hijack.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)

The following file could not be found in the hijack scan.

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uxvqgamo.dll",setvm

And the following two files could not be deleted. The message said they were protected or they were in use. It recommended using task manager to close them but I couldn't determine which process they were related to.

O4 - Startup: .protected
O4 - Global Startup: .protected

Good news is I am no longer prompted to connect to the internet after startup and I was able to enter safe mode. Here are the log files requested.

Cheers

Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 10:11:45 AM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\kirkland\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3944A394-11E9-4444-9375-FA1B125BEF25} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\yaxydvrk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125762484531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128563430656
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Rapport Log

SmitFraudFix v2.141

Scan done at  9:44:24.79, Tue 02/13/2007
Run from C:\Documents and Settings\kirkland\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\kirkland\STARTM~1\Programs\Startup\.protected Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected Deleted
C:\DOCUME~1\kirkland\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Vundo log


VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.6

Scan started at 10:37:26 PM 2/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\ctgodxyq.dll
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\omagqvxu.ini
C:\WINDOWS\system32\tbilspkc.dll
C:\WINDOWS\system32\uxvqgamo.dll
C:\WINDOWS\system32\vtvfmhgj.exe
C:\WINDOWS\system32\yaxydvrk.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ctgodxyq.dll
C:\WINDOWS\system32\ctgodxyq.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\egjlm.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\omagqvxu.ini
C:\WINDOWS\system32\omagqvxu.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\tbilspkc.dll
C:\WINDOWS\system32\tbilspkc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uxvqgamo.dll
C:\WINDOWS\system32\uxvqgamo.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtvfmhgj.exe
C:\WINDOWS\system32\vtvfmhgj.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yaxydvrk.dll
C:\WINDOWS\system32\yaxydvrk.dll Has been deleted!

Performing Repairs to the registry.
Done!


Combo fix log

"kirkland" - 07-02-13 10:06:23    Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\kirkland\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2007-01-13 to 2007-02-13  ))))))))))))))))))))))))))))))))))
 
 
2007-02-12 22:37    <DIR>    d--------    C:\VundoFix Backups
2007-02-12 13:06    3,396    --a------    C:\WINDOWS\system32\tmp.reg
2007-02-09 14:57    <DIR>    d--------    C:\HJT
2007-02-09 13:31    76,412    --a------    C:\WINDOWS\system32\joxykwwi.dll
2007-02-09 13:30    <DIR>    d--------    C:\bintheredunthat
2007-02-09 12:31    <DIR>    d--------    C:\BFU
2007-02-09 12:29    3,968    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-09 12:29    <DIR>    d--------    C:\Program Files\Grisoft
2007-02-06 13:10    <DIR>    d--------    C:\Program Files\True Sword 4
2007-02-06 13:10    <DIR>    d--------    C:\DOCUME~1\kirkland\Application Data\.TrueSwordSettings
2007-02-06 12:32    <DIR>    d--------    C:\WINDOWS\pss
2007-01-31 20:58    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2007-01-31 17:37    76,412    --a------    C:\WINDOWS\system32\vvdsuixl.dll
2007-01-31 17:06    <DIR>    d--------    C:\Program Files\Windows Media Connect 2
2007-01-31 17:01    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF
2007-01-15 15:33    <DIR>    d--h-c---    C:\WINDOWS\ie7
2007-01-15 15:29    <DIR>    d--------    C:\WINDOWS\network diagnostic
2007-01-15 12:52    <DIR>    d--------    C:\WINDOWS\ie7updates
2007-01-15 12:48    <DIR>    d--------    C:\ebd0197059f4158a686a67b7


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 10:05    --------    d--------    C:\Program Files\mozilla firefox
2007-02-12 22:37    --------    d--------    C:\Program Files\norton systemworks
2007-02-06 13:10    --------    d--------    C:\DOCUME~1\kirkland\Application Data\.trueswordsettings
2007-01-31 18:10    --------    d--------    C:\Program Files\mozilla thunderbird
2007-01-31 17:21    --------    d---s----    C:\DOCUME~1\kirkland\Application Data\microsoft
2007-01-18 16:13    --------    d--h-----    C:\Program Files\installshield installation information
2007-01-18 16:12    --------    d--------    C:\Program Files\google
2006-12-20 14:37    --------    d--------    C:\Program Files\total video converter
2006-11-27 19:45    60416    ---------    C:\WINDOWS\system32\tzchange.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"EOUApp"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
"RemoteControl"="\"C:\\Program Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
   

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter    REG_MULTI_SZ       HTTPFilter
LocalService    REG_MULTI_SZ       AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService    REG_MULTI_SZ       DnsCache
DcomLaunch    REG_MULTI_SZ       DcomLaunchTermService
rpcss    REG_MULTI_SZ       RpcSs
imgsvc    REG_MULTI_SZ       StiSvc
termsvcs    REG_MULTI_SZ       TermService
WudfServiceGroup    REG_MULTI_SZ       WUDFSvc



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-13 10:08:29
C:\ComboFix2.txt ... 07-02-12 12:15

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Tech help
« Reply #5 on: February 12, 2007, 08:11:36 PM »
Can you find and delete these files if they exist, let me know if you removed them all

C:\WINDOWS\system32\winzzd32.dll <-file
C:\WINDOWS\system32\joxykwwi.dll <-file
C:\WINDOWS\system32\vvdsuixl.dll <-file

You can also delete the following folders
C:\VundoFix Backups <-folder
C:\bintheredunthat <-folder
C:\BFU <-folder

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language  and save it to your desktop (12.6 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {3944A394-11E9-4444-9375-FA1B125BEF25} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\yaxydvrk.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Then from your desktop double-click on jre-6-windowsi586.exe to install the newest version of Java

Load AVG Anti-Spyware 7.5
  • Click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and
    "Only if Threats are found" IS NOT selected
  • Click Back to the Scan tab
  • Click on Complete System Scan.
    This scan can take a while to run, let it run uninterrupted
  • When the scan is complete it will list any infections found on the left hand side.
  • Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file (like on the Desktop).
I will need to see this log later

Reboot the computer again

Come back here and post the following please

1. Post a fresh hijackthis log
2. Post the whole report from AVG
3. Could you also do the following, I just want to check on one file
I've seen it scanned before and come up clean, but that was a month ago
Go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your harddrive

C:\WINDOWS\system32\tzchange.exe<-this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please


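Added example, not part of the original thread: a Python script that cross-checks HijackThis entries against the files a removal tool reports deleting, which is the kind of comparison behind the O2 entries ticked in the reply above. The log excerpts are copied from the logs posted in reply #4; the names `parse_entry` and `triage` are hypothetical, and the three buckets are an assumption of this example, not HijackThis output.

```python
import re
from collections import namedtuple

# Excerpt of the HijackThis log posted in reply #4 (lines copied from the thread).
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3944A394-11E9-4444-9375-FA1B125BEF25} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\yaxydvrk.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe (file missing)
"""

# Excerpt of the VundoFix log posted in reply #4 (lines copied from the thread).
VUNDOFIX_LOG = r"""
 Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uxvqgamo.dll
C:\WINDOWS\system32\uxvqgamo.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yaxydvrk.dll
C:\WINDOWS\system32\yaxydvrk.dll Has been deleted!
"""

MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
DELETED_RE = re.compile(r"^(.+?) Has been deleted!\s*$", re.MULTILINE)

Entry = namedtuple("Entry", "section line target missing")


def parse_entry(line):
    """Split one HijackThis line into section id, target file and missing flag."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, detail = m.groups()
    missing = detail.endswith(MISSING)
    if missing:
        detail = detail[: -len(MISSING)].rstrip()
    # The file is the last " - " separated field (O2, O9, O20, O23 ...).
    target = detail.rsplit(" - ", 1)[-1]
    # O4 lines have no " - " field; the command follows the "[value name] ".
    if section == "O4" and "] " in target:
        target = target.split("] ", 1)[1]
    return Entry(section, line, target.strip('"'), missing)


def triage(hjt_log, removal_log):
    """Bucket HijackThis entries against a removal tool's deletion log.

    orphaned: the entry's file is one the removal tool reports deleting,
              so the registry entry is a leftover of the cleaned infection.
    review:   flagged "(file missing)" but not explained by the removal log;
              needs a human decision.
    present:  no missing-file flag.
    """
    deleted = {p.strip().lower() for p in DELETED_RE.findall(removal_log)}
    buckets = {"orphaned": [], "review": [], "present": []}
    for raw in hjt_log.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        if entry.target.lower() in deleted:
            buckets["orphaned"].append(entry)
        elif entry.missing:
            buckets["review"].append(entry)
        else:
            buckets["present"].append(entry)
    return buckets


if __name__ == "__main__":
    for name, entries in triage(HJT_LOG, VUNDOFIX_LOG).items():
        print(name)
        for e in entries:
            print("   ", e.line)
```

On this excerpt the two `(no name)` BHO entries land in `orphaned`, while `winzzd32`, `xpnetdiag.exe` and `swiwificomm.exe` land in `review`: the "(file missing)" flag alone does not separate them.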

Offline kirkland

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
Tech help
« Reply #6 on: February 12, 2007, 10:57:10 PM »
Of the files you asked me to delete I was able to find and delete all except C:\WINDOWS\system32\winzzd32.dll <-file, which I couldn't find.

Everything else went well.

Hijack report

Logfile of HijackThis v1.99.1
Scan saved at 2:45:05 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\kirkland\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125762484531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128563430656
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

AVG Report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   2:35:55 PM 2/13/2007

 + Scan result:   



:mozilla.226:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.227:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.227:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.228:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.148:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.149:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.149:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.150:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.151:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.151:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.151:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Hitslink : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.74:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.75:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.75:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.169:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.171:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.172:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.172:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074051.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074222.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074226.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074227.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074331.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074333.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074347.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074348.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074463.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074464.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074484.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074485.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074486.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074487.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074488.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074490.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0074491.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0075704.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.130:C:\RECYCLER\NPROTECT0075784.MOZ -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.131:C:\Documents and Settings\kirkland\Application Data\Mozilla\Firefox\Profiles\w1svqqz9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.131:C:&

Offline guestolo

« Reply #7 on: February 13, 2007, 01:05:10 AM »
Looks good

If everything is running better
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

You should give your computer a bit more protection
Install
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

I'm not sure if you have Spybot 1.4 installed on your computer
Another great antispyware scanner
You can download it from
HERE

Install with default settings that are selected
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete

Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer to finish any cleaning process
In addition, utilize the Immunization feature
After every update
Click the "Immunize" button>>OK the prompt>>Immunize again at the top green cross

If there are other user profiles on the computer, have them login and enable all protections with Spywareblaster
and Immunize with Spybot after every update

Hope that helps
« Last Edit: February 13, 2007, 11:35:47 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kirkland

« Reply #8 on: February 13, 2007, 06:34:44 PM »
Thank you very much guestolo,

It appears that all is running smoothly and my computer is performing like new. I realized that my version of Norton does not have the antivirus components running. I guess I have to pay more to get that. Am I sufficiently covered by running spybot, AVG and antispyware blaster or are these purely anti spyware programs? I am assuming there is a difference between antivirus and antispyware? If so do you recommend any free antivirus or do you suggest I pay for the upgraded Norton?

Again, thank you for your help. The fact you donate your time so freely is inspiring, I am donating to your noble cause.

Cheers,

Kirkland

Offline guestolo

« Reply #9 on: February 13, 2007, 11:29:42 PM »
Quote
I am assuming there is a difference between antivirus and antispyware?
Yes there is
I hate to see someone with outdated Antivirus software
I'm surprised you uninstalled Avira's AntiVir if your Norton's was expired
They developed a great free product
I suggest that you uninstall Norton's>>reboot and reinstall Avira or another similar tool
As I recommend here
http://www.thetechguide.com/forum/index.php?showtopic=15894

Does that help?
And by the way, thanks for the donation
« Last Edit: February 13, 2007, 11:31:11 PM by guestolo »



Offline kirkland

« Reply #10 on: February 14, 2007, 11:26:37 PM »
Yes that helps, thank you. I have removed all Norton components and reinstalled Avira Antivir. All looks good and is running well.

Thanks again for your help.

Offline guestolo

« Reply #11 on: February 15, 2007, 12:47:23 AM »
Glad to help, I'll lock this topic as your problems are resolved
Take care :)
