Thread: Antivirus XP virus
View Single Post
Old 09-25-2008, 06:04 PM   #1 (permalink)
guynpenguinsuit
Registered User
 
Join Date: Sep 2008
Posts: 6
OS: XP


Antivirus XP virus
I have followed instructions on a previous post relating to this problem. The steps I have taken follow:

1. Backed up data files, created a recovery CD
2. Downloaded ComboFix, read the instructions
3. Ran ComboFix. I'll post the log below.
4. Removed Antivirus XP icon from start menu.
5. Deleted file that installed the virus.

The virus appears to be removed as the background screen is restored. I would just like to know if there is still anything else that needs to be done to clean my system. Thanks

Note that I now, after have had this virus, have NOD 32 installed on my system.

ComboFix Log:

ComboFix 08-09-25.03 - HP_Owner 2008-09-25 16:35:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.232 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\HP_Owner\Application Data\rhcvkmj0e37p
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[3].txt
C:\Program Files\rhcvkmj0e37p
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\blphcrkmj0e37p.scr
C:\WINDOWS\system32\lphcrkmj0e37p.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-24 21:09 . 2008-09-24 21:09 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\ESET
2008-09-24 21:08 . 2008-09-24 21:08 <DIR> d-------- C:\Program Files\Norton PC Checkup
2008-09-24 21:07 . 2008-09-24 21:07 <DIR> d-------- C:\Program Files\ESET
2008-09-24 21:07 . 2008-09-24 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-24 20:00 . 2008-09-24 20:01 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-25 19:58 . 2008-08-25 20:32 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 23:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-25 05:16 --------- d-----w C:\Program Files\Symantec
2008-09-25 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-18 20:27 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-08-18 20:27 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-08-18 20:27 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-08-18 20:19 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 20:18 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-08-02 23:17 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2006-10-25 06:54 0 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-06-02 67160]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 126976]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-17 180269]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2005-02-28 53248]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 C:\WINDOWS\ALCWZRD.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-02-17 45056]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-08-11 745472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-15 167808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - APPMGMT
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphcrkmj0e37p - C:\WINDOWS\system32\lphcrkmj0e37p.exe
HKLM-Run-SMrhcvkmj0e37p - C:\Program Files\rhcvkmj0e37p\rhcvkmj0e37p.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 16:38:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-25 16:39:17
ComboFix-quarantined-files.txt 2008-09-25 23:39:07

Pre-Run: 161,947,361,280 bytes free
Post-Run: 162,132,959,232 bytes free

154 --- E O F --- 2008-09-09 19:28:03

I have just realized my thread was moved to this section, I am now following the steps posted and will have the log shortly.

I did not complete steps 3 and 4 in the guide. Step 3 seemed unnecessary as NOD 32 already has a spyware blocker built in, and we use firefox, not IE. I also did not install SP3 in step 4 becuase it inteferes with an important program.

Panda ActiveScan Log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-25 19:18:06
PROTECTIONS: 1
MALWARE: 52
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET Smart Security 3.0 3.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.atdmt.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.mediaplex.com/]
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tucows[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@belnk[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.revenue.net/]
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@dist.belnk[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@com[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.yadro.ru/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\QooBox\Quarantine\C\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[3].txt.vir
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\QooBox\Quarantine\C\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[1].txt.vir
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[www.burstbeacon.com/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@as-us.falkag[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.adtech.de/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.adrevolver.com/]
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats1.reliablestats[2].txt
00186561 Cookie/Banner TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@banner[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.go.com/]
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ath.belnk[2].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@valueclick[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[searchportal.information.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@target[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.target.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@did-it[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\cookies.txt[.did-it.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[4].txt
00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@winantivirus[1].txt
00381236 Adware/Xpantivirus2008 Adware No 0 No No C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP7\A0000200.exe[²ÜÇ\MachineKey.dll]
00383955 Joke/Bluescreen Jokes No 0 Yes No C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP7\A0000185.scr
00383955 Joke/Bluescreen Jokes No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\blphcrkmj0e37p.scr.vir
02077612 Generic Malware Virus/Trojan No 0 Yes Yes C:\Program Files\Online Services\PeoplePC\Utilities\AtlBrowser.exe
03548831 Adware/eAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP5\A0000058.exe
03738670 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncPlanObserver.exe
03738670 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\Apple Mobile Device Support 1.1.4.7\AppleMobileDeviceSupport.msi[unk_0049][SyncPlanObserver.exe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\romfix6u.default\Cache\C2152591d01[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP6\A0000147.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location "
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description "
;===================================================================================================================================================================================
;===================================================================================================================================================================================


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:15 PM, on 9/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7856 bytes
Last edited by amateur; 09-25-2008 at 10:05 PM. Reason: to retain 0-reply status
guynpenguinsuit is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here