|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
10-03-2006, 08:29 PM
|
#1 (permalink) |
|
Registered User
Join Date: Oct 2006
Posts: 58
OS: XP
|
HJT log help
I have recently had some spyware/adware on my system, the effects seem to have stopped, but i have no clue if my system is clean yet. Could someone please check my log and tell me if anything in it is spyware/adware?
Logfile of HijackThis v1.99.1 Scan saved at 7:26:41 PM, on 03/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5450.0004) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE C:\WINDOWS\System32\cisvc.exe C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE C:\Program Files\Shaw Secure\Common\FSMA32.EXE C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe C:\Program Files\Shaw Secure\Common\FSMB32.EXE C:\Program Files\Shaw Secure\Common\FCH32.EXE C:\Program Files\Shaw Secure\Common\FAMEH32.EXE C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe C:\Program Files\Shaw Secure\FSPC\fspc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Shaw Secure\Common\FSM32.EXE C:\Program Files\Shaw Secure\FSGUI\ispnews.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\taskmgr.exe G:\Stuff\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\WinMediaCodec\isaddon.dll (file missing) O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll (file missing) O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126498224359 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll (file missing) O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
10-09-2006, 08:51 AM
|
#6 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista
|
Hello addy771,
Our apologies for the oversight of your thread. Yes, you still have the Smitfraud infection active on your system. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. *************************************************** Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Download AVG Anti-Spyware from HERE and save that file to your desktop. This is a 30 day trial of the program
Download and install CleanUp! but do not run it yet. *WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. *************************************************** Reboot your computer in Safe Mode.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply. ______________________________ Clean out your Temporary Internet files. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: *Click "Options..." *Move the arrow down to "Custom CleanUp!" *Put a check next to the following:
Press the CleanUp! button to start the program. Once it's finished Cleanup will ask you to logoff/reboot. Please select NO as we will do this later. Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present: · "Security Info" · "Warning Message" · "Security Desktop" · "Warning Homepage" · "Desktop Uninstall" Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin. ______________________________ IMPORTANT: Close all other windows while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
______________________________ Reboot into Normal Mode. ______________________________ Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #3 - Delete Trusted zone by typing 3 and press Enter Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter. Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection. ______________________________ Perform an online scan with Internet Explorer with Panda ActiveScan ** click on "Free use ActiveScan" located on the top right hand corner
Then post the following logs in your next reply... c:\rapport.txt Ewido log Panda log New Hijackthis log |
|
|
|
|
10-13-2006, 05:20 PM
|
#7 (permalink) |
|
Registered User
Join Date: Oct 2006
Posts: 58
OS: XP
|
here they are:
--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 7:32:17 AM 13/10/2006 + Scan result: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Adware.180Solutions : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\BonziBUDDY.clsRegistration -> Adware.BonziBuddy : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\BonziBUDDY.clsRegistration\Clsid -> Adware.BonziBuddy : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\BonziTapFilters.clsSubscription -> Adware.BonziBuddy : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\BonziTapFilters.clsSubscription\Clsid -> Adware.BonziBuddy : Cleaned with backup (quarantined). HKLM\SOFTWARE\KMiNT21 -> Adware.DesktopSpyAgent : Cleaned with backup (quarantined). HKLM\SOFTWARE\KMiNT21\GoldenKeylogger -> Adware.DesktopSpyAgent : Cleaned with backup (quarantined). HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\S-1-5-21-504299452-1855423037-3738530907-1006\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\S-1-5-21-504299452-1855423037-3738530907-1006\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\S-1-5-21-504299452-1855423037-3738530907-1006\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup (quarantined). HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-21-504299452-1855423037-3738530907-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-21-504299452-1855423037-3738530907-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\Contact.Contacts -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Adware.HotBar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Adware.HotBar : Cleaned with backup (quarantined). C:\WINDOWS\system\Install_All.DLL -> Adware.IGetNet : Cleaned with backup (quarantined). C:\WINDOWS\system\Update_Hosts.DLL -> Adware.IGetNet : Cleaned with backup (quarantined). HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined). HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined). HKU\S-1-5-21-504299452-1855423037-3738530907-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined). HKU\S-1-5-21-504299452-1855423037-3738530907-1006\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined). C:\Program Files\Network\network.exe -> Adware.Maxifiles : Cleaned with backup (quarantined). C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\TypeLib\{CE7C3CE2-4B15-11D1-ABED-709549C10000} -> Adware.RegiFast : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP932\A0142465.exe -> Adware.Relevant : Cleaned with backup (quarantined). C:\Documents and Settings\Adam\Desktop\Stuff\programs\HotRodASD-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined). C:\Documents and Settings\Adam\My Documents\LemonadeTycoonSetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP929\A0142364.exe -> Adware.Trymedia : Cleaned with backup (quarantined). G:\Stuff\programs\HotRodASD-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\CLSID\{58F07DD3-924D-4141-BC74-299F523A95F1} -> Adware.WebDir : Cleaned with backup (quarantined). C:\Program Files\Microsoft AntiSpyware\Quarantine\852352BA-7626-4B7E-9B18-5F90E3\FFE9A09C-BF53-43F0-8BAD-BD6CD0 -> Adware.WebHancer : Cleaned with backup (quarantined). HKLM\SOFTWARE\IntexusDial -> Dialer.Generic : Cleaned with backup (quarantined). C:\Program Files\Advanced Batch Converter\uninstall.exe -> Dropper.Agent.aea : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP968\A0145411.exe -> Dropper.Agent.aea : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP970\A0145450.exe -> Dropper.Agent.aea : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP929\A0142377.0XE -> Dropper.VB.lu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1008\A0152951.reg -> Hijacker.StartPage : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP936\A0142604.exe -> Not-A-Virus.Monitor.Win32.GoldenKeylogger.126 : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP936\A0142605.exe -> Not-A-Virus.Monitor.Win32.GoldenKeylogger.130 : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP936\A0142607.dll -> Not-A-Virus.Monitor.Win32.GoldenKeylogger.130 : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP936\A0142606.dll -> Not-A-Virus.Monitor.Win32.GoldenKeylogger.150 : Cleaned with backup (quarantined). C:\Program Files\HomeKeyLogger\KeyLogger.exe -> Not-A-Virus.Monitor.Win32.HomeKeyLogger.162 : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP970\A0145486.exe -> Not-A-Virus.Monitor.Win32.HomeKeyLogger.162 : Cleaned with backup (quarantined). C:\Program Files\HomeKeyLogger\KeyLogger.Dll -> Not-A-Virus.Monitor.Win32.HomeKeyLogger.170 : Cleaned with backup (quarantined). :mozilla.323:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.247realmedia : Cleaned. :mozilla.324:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.247realmedia : Cleaned. :mozilla.28:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.295:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.296:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.297:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.298:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.299:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.29:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.300:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.301:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.302:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.303:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.304:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.305:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.307:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.308:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.309:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.30:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.310:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.311:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.312:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.313:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.314:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.315:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.316:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.31:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.429:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.6:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.2o7 : Cleaned. :mozilla.711:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.7:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.2o7 : Cleaned. :mozilla.873:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.905:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.2o7 : Cleaned. :mozilla.183:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adbrite : Cleaned. :mozilla.184:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adbrite : Cleaned. :mozilla.185:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adbrite : Cleaned. :mozilla.739:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adbrite : Cleaned. :mozilla.740:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adbrite : Cleaned. :mozilla.10:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Addynamix : Cleaned. :mozilla.11:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Addynamix : Cleaned. :mozilla.12:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Addynamix : Cleaned. :mozilla.791:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adrevolver : Cleaned. :mozilla.792:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adrevolver : Cleaned. :mozilla.793:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adrevolver : Cleaned. :mozilla.794:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adrevolver : Cleaned. :mozilla.795:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adrevolver : Cleaned. :mozilla.796:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adrevolver : Cleaned. :mozilla.797:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adrevolver : Cleaned. :mozilla.798:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adrevolver : Cleaned. :mozilla.799:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Adrevolver : Cleaned. :mozilla.124:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Adserver : Cleaned. :mozilla.125:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Adserver : Cleaned. :mozilla.126:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Adserver : Cleaned. :mozilla.13:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.14:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.15:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.16:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.17:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.18:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.19:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.20:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.21:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.22:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.23:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.24:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.25:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.26:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.27:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.28:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.29:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.30:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.31:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.32:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.32:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.33:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.33:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.34:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.34:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.35:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.35:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.36:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.36:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.37:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.38:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.39:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Advertising : Cleaned. :mozilla.346:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Atdmt : Cleaned. :mozilla.56:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Atdmt : Cleaned. :mozilla.933:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Bfast : Cleaned. :mozilla.202:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Bluestreak : Cleaned. :mozilla.320:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Bluestreak : Cleaned. :mozilla.591:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.592:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Bridgetrack : Cleaned. :mozilla.140:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Burstbeacon : Cleaned. :mozilla.603:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Burstbeacon : Cleaned. :mozilla.138:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Burstnet : Cleaned. :mozilla.139:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Burstnet : Cleaned. :mozilla.345:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Burstnet : Cleaned. :mozilla.347:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Burstnet : Cleaned. :mozilla.348:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Burstnet : Cleaned. :mozilla.115:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.116:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.117:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.118:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.119:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.120:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.355:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.356:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.357:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.358:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.359:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.360:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.361:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Casalemedia : Cleaned. :mozilla.39:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.40:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.881:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Clickbank : Cleaned. :mozilla.391:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Clickzs : Cleaned. :mozilla.392:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Clickzs : Cleaned. :mozilla.241:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Com : Cleaned. :mozilla.91:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Com : Cleaned. :mozilla.92:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Com : Cleaned. :mozilla.409:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Counted : Cleaned. :mozilla.186:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Cqcounter : Cleaned. :mozilla.10:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.322:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Doubleclick : Cleaned. :mozilla.9:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.949:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Enhance : Cleaned. :mozilla.154:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Euroclick : Cleaned. :mozilla.155:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Euroclick : Cleaned. :mozilla.156:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Euroclick : Cleaned. :mozilla.157:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Euroclick : Cleaned. :mozilla.158:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Euroclick : Cleaned. :mozilla.103:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Falkag : Cleaned. :mozilla.104:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Falkag : Cleaned. :mozilla.105:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Falkag : Cleaned. :mozilla.111:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Falkag : Cleaned. :mozilla.17:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.18:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.19:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.20:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.21:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.22:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.23:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.57:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Falkag : Cleaned. :mozilla.58:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Falkag : Cleaned. :mozilla.59:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Falkag : Cleaned. :mozilla.60:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Falkag : Cleaned. :mozilla.61:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Falkag : Cleaned. :mozilla.62:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Falkag : Cleaned. :mozilla.63:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Falkag : Cleaned. :mozilla.64:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Falkag : Cleaned. :mozilla.95:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Falkag : Cleaned. :mozilla.96:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Falkag : Cleaned. :mozilla.97:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Falkag : Cleaned. :mozilla.98:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Falkag : Cleaned. :mozilla.99:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Falkag : Cleaned. :mozilla.451:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.452:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.453:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.45:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.46:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.49:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.50:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.51:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.52:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.53:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Fastclick : Cleaned. :mozilla.947:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Goclick : Cleaned. :mozilla.948:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Goclick : Cleaned. :mozilla.413:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Googleadservices : Cleaned. :mozilla.141:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.230:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.231:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.232:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.370:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.535:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.581:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.582:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.684:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.685:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.750:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.751:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.752:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.84:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.86:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.87:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.888:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.889:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.88:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.89:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.924:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hitbox : Cleaned. :mozilla.412:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Hotlog : Cleaned. :mozilla.500:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Liveperson : Cleaned. :mozilla.502:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Liveperson : Cleaned. :mozilla.503:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Liveperson : Cleaned. :mozilla.408:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Masterstats : Cleaned. :mozilla.12:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.15:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\4n85ggxy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.222:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Mediaplex : Cleaned. :mozilla.223:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Mediaplex : Cleaned. :mozilla.92:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Mediaplex : Cleaned. :mozilla.93:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Mediaplex : Cleaned. :mozilla.533:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Myaffiliateprogram : Cleaned. :mozilla.519:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Onestat : Cleaned. :mozilla.520:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Onestat : Cleaned. :mozilla.521:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Onestat : Cleaned. :mozilla.522:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Onestat : Cleaned. :mozilla.523:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Onestat : Cleaned. :mozilla.13:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.193:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Overture : Cleaned. :mozilla.43:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Overture : Cleaned. :mozilla.44:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Overture : Cleaned. :mozilla.389:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Paycounter : Cleaned. :mozilla.287:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Pointroll : Cleaned. :mozilla.288:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Pointroll : Cleaned. :mozilla.289:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Pointroll : Cleaned. :mozilla.290:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Pointroll : Cleaned. :mozilla.148:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Popuptraffic : Cleaned. :mozilla.149:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Popuptraffic : Cleaned. :mozilla.150:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Popuptraffic : Cleaned. :mozilla.151:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Popuptraffic : Cleaned. :mozilla.131:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Qksrv : Cleaned. :mozilla.132:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Qksrv : Cleaned. :mozilla.129:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Questionmarket : Cleaned. :mozilla.130:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Questionmarket : Cleaned. :mozilla.636:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Questionmarket : Cleaned. :mozilla.637:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Questionmarket : Cleaned. :mozilla.638:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Questionmarket : Cleaned. :mozilla.371:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Revenue : Cleaned. :mozilla.372:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Revenue : Cleaned. :mozilla.37:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.38:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.93:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Serving-sys : Cleaned. :mozilla.940:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Serving-sys : Cleaned. :mozilla.941:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Serving-sys : Cleaned. :mozilla.942:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Serving-sys : Cleaned. :mozilla.943:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Serving-sys : Cleaned. :mozilla.94:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Serving-sys : Cleaned. :mozilla.95:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Serving-sys : Cleaned. :mozilla.96:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Serving-sys : Cleaned. :mozilla.395:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexcounter : Cleaned. :mozilla.396:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexcounter : Cleaned. :mozilla.397:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexcounter : Cleaned. :mozilla.398:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexcounter : Cleaned. :mozilla.399:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexcounter : Cleaned. :mozilla.400:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexcounter : Cleaned. :mozilla.194:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.195:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.196:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.197:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.198:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.199:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.200:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.201:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.202:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.203:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.204:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.205:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.206:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.207:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.208:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.209:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.210:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.211:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Sexlist : Cleaned. :mozilla.43:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned. :mozilla.411:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Spylog : Cleaned. :mozilla.29:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.30:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.31:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.32:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.33:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.35:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.36:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.37:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.38:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.39:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.40:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.41:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.42:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.43:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.49:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.52:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.53:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.54:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.55:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.56:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.57:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.58:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.60:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.61:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.62:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.63:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.64:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.65:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.66:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.67:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.68:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.69:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.70:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.71:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.72:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.73:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.74:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.75:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.76:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Statcounter : Cleaned. :mozilla.549:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Tacoda : Cleaned. :mozilla.550:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Tacoda : Cleaned. :mozilla.598:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Targetnet : Cleaned. :mozilla.213:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.214:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.215:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.216:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.218:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.219:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.584:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.585:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.586:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.587:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.588:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.594:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Trafficmp : Cleaned. :mozilla.112:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.113:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.341:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.264:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.265:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.266:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.267:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.268:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.269:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.291:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.292:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.293:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.294:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Valuead : Cleaned. :mozilla.160:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Valueclick : Cleaned. :mozilla.161:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Valueclick : Cleaned. :mozilla.123:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Weborama : Cleaned. :mozilla.702:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.7:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.8:C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\z45uplbm.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.842:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Yadro : Cleaned. :mozilla.106:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.107:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.108:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.109:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.110:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.111:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.162:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.163:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.166:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156074.old -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.102:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Zedo : Cleaned. :mozilla.103:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Zedo : Cleaned. :mozilla.104:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Zedo : Cleaned. :mozilla.105:C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP1017\A0156073.old -> TrackingCookie.Zedo : Cleaned. C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP941\A0143549.0XE -> Trojan.VB.el : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP929\A0142379.0XE -> Worm.VB.an : Cleaned with backup (quarantined). ::Report end Incident Status Location Adware:adware/igetnet Not disinfected c:\windows\system\rules.dat Adware:adware/deskwizz Not disinfected c:\windows\dh.ini Adware:adware/dollarrevenue Not disinfected c:\windows\myupdates1.dat Adware:adware/maxifiles Not disinfected c:\program files\common files\InetGet Adware:adware/commad Not disinfected c:\program files\Network Monitor Potentially unwanted tool:application/funweb Not disinfected hkey_current_user\software\Fun Web Products Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\FocusInteractive Spyware:spyware/media-motor Not disinfected Windows Registry Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\MySearch Potentially unwanted tool:application/zango Not disinfected hkey_local_machine\software\zanu Adware:adware/2search Not disinfected Windows Registry Adware:adware/abox Not disinfected Windows Registry Dialer:dialer.asl Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1426AC5-8CE5-4A00-B71E-011D35709AC6} Adware:adware/webdir Not disinfected Windows Registry Adware:adware/mirar Not disinfected Windows Registry Adware:adware/whenusearch Not disinfected Windows Registry Adware:adware/webhancer Not disinfected Windows Registry Adware:adware/dyfuca Not disinfected Windows Registry Spyware:spyware/adclicker Not disinfected Windows Registry Adware:adware/ncase Not disinfected Windows Registry Adware:adware/exact.bargainbuddy Not disinfected Windows Registry Adware:adware/savenow Not disinfected Windows Registry Adware:adware/ucmore Not disinfected Windows Registry Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt[.as-us.falkag.net/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt[.2o7.net/] Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt[.bravenet.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt[.statcounter.com/] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[talk.zip][talk.doc.pif] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[final.zip][final.pif] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[party.zip][party.pif] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[me.zip][me.doc.pif] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[website.zip][website.doc.com] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[doc.exe] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[talk.zip][talk.scr] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[information.com] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[information.zip][information.rtf.exe] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[aboutyou.rtf.scr] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[aboutyou.zip][aboutyou.htm.com] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Inbox[release.zip][release.doc.pif] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[talk.zip][talk.doc.pif] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[final.zip][final.pif] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[party.zip][party.pif] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[doc.exe] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[website.zip][website.doc.com] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[information.com] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[aboutyou.rtf.scr] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[talk.zip][talk.scr] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[me.zip][me.doc.pif] Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Profiles\default\shi9cl4o.slt\Mail\shawmail.vc.shawcable.net\Trash[release.zip][release.doc.pif] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Adam\Cookies\adam@apmebf[1].txt Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Adam\Cookies\adam@qksrv[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Adam\Cookies\adam@statcounter[2].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Adam\Desktop\SmitfraudFix\SmitfraudFix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Adam\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\Adam\Desktop\Stuff\programs\KrazyBall.exe[NNBALL638.EXE] Adware:Adware/nCase Not disinfected C:\Documents and Settings\Adam\Desktop\Stuff\programs\NamesToolkit-Setup.exe[saap.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Adam\Desktop\Stuff\SmitfraudFix.zip[SmitfraudFix/Process.exe] Virus:W32/Mydoom.A.worm Disinfected Personal Folders\Deleted Items\Delivery Status Notification (Failure)\HELLO\text.zip[text.txt .pif] Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe Hacktool:HackTool/Scansql.A Not disinfected C:\poolbot\webserver\poolbot.exe Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\DCE13809-C6AE-4CB6-9152-30B53B.asq Virus:Trj/SubSearch.I Disinfected C:\WINDOWS\system\IEService.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Spyware:Spyware/New.net Not disinfected G:\Stuff\programs\KrazyBall.exe[NNBALL638.EXE] Adware:Adware/nCase Not disinfected G:\Stuff\programs\NamesToolkit-Setup.exe[saap.exe] Potentially unwanted tool:Application/Processor Not disinfected G:\Stuff\SmitfraudFix.zip[SmitfraudFix/Process.exe] SmitFraudFix v2.109 Scan done at 7:55:35.43, 12/10/2006 Run from C:\Documents and Settings\Adam\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}"="eeler" [HKEY_CLASSES_ROOT\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32] @="C:\WINDOWS\system32\titiau.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32] @="C:\WINDOWS\system32\titiau.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\drsmartload2.dat Deleted C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted C:\Program Files\WinMediaCodec\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of HijackThis v1.99.1 Scan saved at 4:18:58 PM, on 13/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5450.0004) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE C:\WINDOWS\System32\cisvc.exe C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE C:\Program Files\Shaw Secure\Common\FSMA32.EXE C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe C:\Program Files\Shaw Secure\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Shaw Secure\Common\FCH32.EXE C:\Program Files\Shaw Secure\Common\FAMEH32.EXE C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe C:\Program Files\Shaw Secure\FSPC\fspc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Shaw Secure\Common\FSM32.EXE C:\Program Files\Shaw Secure\FSGUI\ispnews.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe G:\Stuff\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll (file missing) O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126498224359 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
|
|
|
10-13-2006, 09:06 PM
|
#8 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista
|
Hello addy771,
Once again, disable Windows Defender as it may interfere with our fixes. Download AlcanShorty from here.
Make sure you have a working internet connection. In case your firewall gives an alert, don't block it, because alcanshorty needs to download some additional files to let the tool run properly.
----------------------------------- Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading: * select Show hidden files and folders. * Uncheck Hide protected operating system files (recommended) option. *Also, make sure there is no checkmark beside Hide file extensions for known file types. * Click OK. ----------------------------------- Delete the following Files and Folders if they still exist. c:\windows\system\ rules.dat c:\windows\ dh.ini c:\program files\common files\ InetGet C:\Documents and Settings\Adam\Desktop\Stuff\programs\ KrazyBall.exe[NNBALL638.EXE] C:\Documents and Settings\Adam\Desktop\Stuff\programs\ NamesToolkit-Setup.exe[saap.exe] C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\ DCE13809-C6AE-4CB6-9152-30B53B.asq ----------------------------------- **If the above resist deletion, boot into Safe Mode and delete. ----------------------------------- Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following bolded text into Notepad: REGEDIT4 [-hkey_current_user\software\Fun Web Products} [-hkey_local_machine\software\FocusInteractive] [-hkey_local_machine\software\MySearch} [-hkey_local_machine\software\zanu] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1426AC5-8CE5-4A00-B71E-011D35709AC6}] Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards. ----------------------------------- Reboot your system. ----------------------------------- Run another online scan at Panda and post the results here along with a new HijackThis log. How is your system behaving? |
|
|
|
|
10-14-2006, 05:46 AM
|
#9 (permalink) |
|
Registered User
Join Date: Oct 2006
Posts: 58
OS: XP
|
Incident Status Location
Adware:adware/dollarrevenue Not disinfected c:\windows\myupdates1.dat Adware:adware/maxifiles Not disinfected c:\program files\common files\Windows Potentially unwanted tool:application/funweb Not disinfected hkey_current_user\software\Fun Web Products Spyware:spyware/media-motor Not disinfected Windows Registry Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\MySearch Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\MyWebSearch Adware:adware/2search Not disinfected Windows Registry Adware:adware/abox Not disinfected Windows Registry Dialer:dialer.asl Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D62A517-E7C6-4E1F-A577-07D4AC549A48} Adware:adware/webdir Not disinfected Windows Registry Adware:adware/mirar Not disinfected Windows Registry Adware:adware/whenusearch Not disinfected Windows Registry Potentially unwanted tool:application/zango Not disinfected HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} Adware:adware/webhancer Not disinfected Windows Registry Adware:adware/dyfuca Not disinfected Windows Registry Spyware:spyware/adclicker Not disinfected Windows Registry Adware:adware/ncase Not disinfected Windows Registry Adware:adware/exact.bargainbuddy Not disinfected Windows Registry Adware:adware/savenow Not disinfected Windows Registry Adware:adware/ucmore Not disinfected Windows Registry Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt[.as-us.falkag.net/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt[.2o7.net/] Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt[.bravenet.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\vgxzywf1.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Adam\Cookies\adam@apmebf[1].txt Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Adam\Cookies\adam@qksrv[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Adam\Cookies\adam@statcounter[2].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Adam\Desktop\SmitfraudFix\SmitfraudFix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Adam\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Adam\Desktop\Stuff\SmitfraudFix.zip[SmitfraudFix/Process.exe] Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe Hacktool:HackTool/Scansql.A Not disinfected C:\poolbot\webserver\poolbot.exe Spyware:Spyware/New.net Not disinfected C:\RECYCLER\S-1-5-21-504299452-1855423037-3738530907-1006\Dc3.exe[NNBALL638.EXE] Adware:Adware/nCase Not disinfected C:\RECYCLER\S-1-5-21-504299452-1855423037-3738530907-1006\Dc4.exe[saap.exe] Potentially unwanted tool:Application/FunWeb Not disinfected C:\RECYCLER\S-1-5-21-504299452-1855423037-3738530907-1006\Dc5.asq Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Spyware:Spyware/New.net Not disinfected G:\Stuff\programs\KrazyBall.exe[NNBALL638.EXE] Adware:Adware/nCase Not disinfected G:\Stuff\programs\NamesToolkit-Setup.exe[saap.exe] Potentially unwanted tool:Application/Processor Not disinfected G:\Stuff\SmitfraudFix.zip[SmitfraudFix/Process.exe] Logfile of HijackThis v1.99.1 Scan saved at 4:45:07 AM, on 14/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5450.0004) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE C:\WINDOWS\System32\cisvc.exe C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE C:\Program Files\Shaw Secure\Common\FSMA32.EXE C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe C:\Program Files\Shaw Secure\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Shaw Secure\Common\FCH32.EXE C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Shaw Secure\Common\FAMEH32.EXE C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe C:\Program Files\Shaw Secure\FSPC\fspc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Shaw Secure\Common\FSM32.EXE C:\Program Files\Shaw Secure\FSGUI\ispnews.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Endless\Endless.exe C:\Program Files\Mozilla Firefox\firefox.exe G:\Stuff\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll (file missing) O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126498224359 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe My system was experiencing horrible lag for the past few days, it seems to be fine now, tell me what i should be looking for. |
|
|
|
|
10-14-2006, 10:16 AM
|
#10 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista
|
Hi,
It's what I need to be looking for.  We're almost through here.We have a couple new registry entries that have shown up that need to be removed, as well as a couple more files: Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following bolded text into Notepad: REGEDIT4 [-hkey_current_user\software\Fun Web Products] [-hkey_local_machine\software\MySearch] [-hkey_local_machine\software\MyWebSearch] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D62A517-E7C6-4E1F-A577-07D4AC549A48}] [-HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}] Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards. ------------------------------------ Delete these files and folder: c:\windows\ myupdates1.dat c:\program files\common files\ Windows <--Careful--from this location only! G:\Stuff\programs\ KrazyBall.exe G:\Stuff\programs\ NamesToolkit-Setup.exe --------------------------------------- Create an Uninstall List: Open HijackThis *Click on the "Configure" button on the bottom right *Click on the tab "Misc Tools" *Click on the Box that says "Open Uninstall Manager" *Click on the button "Save list" The list will automatically be saved in your HijackThis folder. Please copy and paste the uninstall_list.txt here. |
|
|
|
|
10-14-2006, 03:49 PM
|
#11 (permalink) |
|
Registered User
Join Date: Oct 2006
Posts: 58
OS: XP
|
!xSpeed.net 2.0
3D Windows XP Screen Saver Adobe Acrobat 5.0 Advanced Batch Converter AOL Audio Mid Recorder 3.7.2 AutoHotkey 1.0.44.07 Avex DVD Ripper Platinum (remove only) AVG Anti-Spyware 7.5 Camtasia Studio 3 CleanUp! CloneDVD 3.9.4 CloneDVD Trial 3.0 CNET Download Manager Coloreal CompuServe Data Access Objects (DAO) 3.0 Dell ResourceCD DH Drag Racer v3 Endless Online 0.26 File2Pack SFX Final Drive Fury FLV Player 1.3.3 Game Maker 5 Game Maker 5.3A Game Maker 6.1 Google Earth Google Web Accelerator GTA2 GTK+ 2.8.9 runtime environment HijackThis 1.99.1 Home Key Logger Free Edition v1.70 (remove only) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) hp instant support HP Memories Disc HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp psc 1200 series hp psc 1200 series Icecast v2.3.1 Inactive HP Printer Drivers (Remove only) Intel(R) Extreme Graphics Driver Software IntelliMover Data Transfer Demo InterVideo WinDVD Player iTunes J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment Standard Edition v1.3.1_02 Java 2 Runtime Environment, SE v1.4.0_01 Java 2 Runtime Environment, SE v1.4.1_02 Java Web Start Krazy Ball Lernout & Hauspie TruVoice American English TTS Engine LimeWire 4.10.9 Macromedia Flash Player 8 Macromedia Shockwave Player MapleStory Microsoft .NET Framework (English) v1.0.3705 Microsoft Data Access Components KB870669 Microsoft Encarta Encyclopedia Standard 2002 Microsoft GIF Animator Microsoft Office XP Professional with FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2) Microsoft Works 7.0 MID Converter 4.0 Mozilla Firefox (1.5.0.7) NVIDIA Windows 2000/XP Display Drivers OpenAL 1.0 Reference Ore No Ryomi 2 O'Reilly WebBoard 2.0 PagePopupMaker Trial 1.4.0 Panda ActiveScan PC SECURITY TEST 2006 PC-Doctor for Windows PhotoFiltre Studio Power MIDI to MP3 1.5 PrintMaster Gold 4.00 Python 2.2 combined Win32 extensions Python 2.5c1 Quicken 2003 New User Edition QuickTime RollerCoaster Tycoon 2 RuneScape Toolkit S3Display S3Gamma2 S3Info2 S3Overlay Sayz Me SCAR CDE 2.03 Screendragon VS3 Secure Delivery Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924496) Shaw Internet Uninstall Shaw Internet Update 1.0.3 Shaw Secure Shockwave Simple Installer - Multilanguage Version Speed Gear 5.00 The File Splitter 1.31 The GIMP 2.2.10 The Print Shop Ensemble III Tweak UI Uninstall NudgeMania 2.0 for MSN Messenger Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) VIA Rhine-Family Fast Ethernet Adapter Viewpoint Media Player (Remove Only) Weather tool WildTangent Web Driver Winamp (remove only) Windows Defender Windows Defender Signatures Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Beta 3 Windows Live Messenger Windows Live Safety Scanner Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Media Player 9 Series Power Toy - Ratings Migration Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 Windows XP Video Screensaver Powertoy WinRAR archiver WinZip Wireless-G PCI Adapter Yahoo! Companion Yahoo! Essentials Yahoo! Internet Mail Yahoo! Login Yahoo! Messenger Yahoo! Messenger Explorer Bar Here you go, and thanks so much for your help. you guys really are a lifesaver. |
|
|
|
|
10-14-2006, 06:27 PM
|
#12 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,562
OS: WinXP and Vista
|
Hi addy771,
Everything looks good. We just need to take care of your outdated Java: Updating Java:
------------------------------------------------ Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links. Reset hidden/system files and folders Windows XP =============== Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Deselect the Show hidden files and folders option. * Select the Hide file extensions for known types option. * Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Enable Windows Auto Update *Go to Start>Run - type wuaucpl.cpl *Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Create a new System Restore point Click Start >> Run - type SYSDM.CPL & press Enter * Select the System Restore Tab * Tick on the checkbox - "Turn off System Restore on all drives" Click Apply * Then untick the same checkbox & click OK This will prevent any reinfection from previous restore points. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you do not already have them: Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items . Download Spyware Guard to catch and block spyware before it can execute. Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, and save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD) Now navigate to C:\ie-spyad. Double click to open it. From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list, by typing 2 Then return to the main menu. Select option #4 - Add the old porn sites domain, by typing 4 Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles: HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Understanding and Using Firewalls **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Follow this list and your potential for being infected again will reduce dramatically. 
|
|
|
|
|
10-14-2006, 11:27 PM
|
#13 (permalink) |
|
Registered User
Join Date: Oct 2006
Posts: 58
OS: XP
|
Thanks so much, you guys are the freakin best people out there! but one more problem.. i installed the new java, but it wont run. i probably just need to restart my computer. if it still wont work after that then ill let you know.
|
|
|
|
| Thread Tools | |
|
|
