Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 01-22-2007, 06:22 PM   #1
Ascendancy, Registered User
Join Date: Jul 2006
Posts: 161
OS: Windows XP Professional SP3
Slow Computer

Is anything running on here that doesn't need to be?

Logfile of HijackThis v1.99.1
Scan saved at 8:20:15 PM, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Jake\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/exec/obidos/re...ww.amazon.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [fwzehu] C:\WINDOWS\system32\rqvusk.exe r
O4 - HKLM\..\Run: [qwqdnin] C:\WINDOWS\system32\sclogv.exe r
O4 - HKLM\..\Run: [cycdnn] C:\WINDOWS\system32\xaqhrbk.exe r
O4 - HKLM\..\Run: [vzpnkf] C:\WINDOWS\system32\crbvdt.exe r
O4 - HKLM\..\Run: [nsismb] C:\WINDOWS\system32\kpxhomi.exe r
O4 - HKLM\..\Run: [oiajwe] C:\WINDOWS\system32\chefevb.exe r
O4 - HKLM\..\Run: [nhzvytw] C:\WINDOWS\system32\cwjcei.exe r
O4 - HKLM\..\Run: [zitiwu] C:\WINDOWS\system32\qzewyca.exe r
O4 - HKLM\..\Run: [svvnvrf] C:\WINDOWS\system32\iakgomn.exe r
O4 - HKLM\..\Run: [aybtrw] C:\WINDOWS\system32\rimrxfb.exe r
O4 - HKLM\..\Run: [vlxdsd] C:\WINDOWS\system32\npqfrr.exe r
O4 - HKLM\..\Run: [wyxctcn] C:\WINDOWS\system32\cuicmz.exe r
O4 - HKLM\..\Run: [nypiokm] C:\WINDOWS\system32\geprda.exe r
O4 - HKLM\..\Run: [kudrnfi] C:\WINDOWS\system32\ssguri.exe r
O4 - HKLM\..\Run: [lutvod] C:\WINDOWS\system32\kfygmap.exe r
O4 - HKLM\..\Run: [leaudu] C:\WINDOWS\system32\ghovhf.exe r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...05/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Old 01-24-2007, 04:44 PM   #2
Ascendancy, Registered User
Join Date: Jul 2006
Posts: 161
OS: Windows XP Professional SP3
Bump.
Old 01-24-2007, 05:46 PM   #3
forhockey, Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,946
OS: Windows 7 Ultimate
Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

Please be patient with me during this time.
Old 01-24-2007, 07:58 PM   #4
Ried, Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,883
OS: WinXP and Vista
Hello Ascendancy,

As you can see, we are very busy in this forum. I noticed you did not see either of your previous threads to completion. This is apparently a waste of our time and resources, as you seem to have the exact infection you had in July of last year. You also have left other threads at other forums without seeing them through to the end.

Before I allow forhockey to continue, I will require your assurance that you will see this thread to its conclusion.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-25-2007, 05:15 PM   #5
Ascendancy, Registered User
Join Date: Jul 2006
Posts: 161
OS: Windows XP Professional SP3
Yes, I will be seeing this through to the end. All I wish is to have things laid out plainly, like "this should be on your computer" and "this makes me a little iffy".
Old 01-25-2007, 06:32 PM   #6
forhockey, Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,946
OS: Windows 7 Ultimate
Hi Ascendancy,

I will be giving you a set of instructions to follow throughout this cleanup of your machine. If there is anything that I feel shouldn't belong on your system, then I will ask you to remove it. Therefore, rest assured that your computer is in good hands, and that there will be no malware left on it when I'm through with it.

If you have any questions along the way, feel free to ask me and I'll be glad to answer them.

Please download this tool > System Repair Engineer

1. Extract it to its own folder & double-click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it.


Note: You may have to rename SREngLog.log to SREngLog.txt before attaching
Old 01-26-2007, 12:40 PM   #7
Ascendancy, Registered User
Join Date: Jul 2006
Posts: 161
OS: Windows XP Professional SP3
Here is the log, tell me if it doesn't work.
Attached Files
File Type: txt SREnglog.txt (35.1 KB, 4 views)
Old 01-27-2007, 09:47 AM   #8
forhockey, Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,946
OS: Windows 7 Ultimate
Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Download combofix from here.

**Save it directly to your desktop** Do Not run a scan just yet, we will shortly.
---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.
---------------------------------------------------------------------------------------------

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
---------------------------------------------------------------------------------------------

Webroot SpySweeper

Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable Webroot SpySweeper:
  • Go to the Options>Program Options
  • Uncheck Load at Windows Startup
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Click Browser Add-Ons and uncheck all items.
  • Exit Spysweeper.
---------------------------------------------------------------------------------------------

Now restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.
---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [fwzehu] C:\WINDOWS\system32\rqvusk.exe r
O4 - HKLM\..\Run: [qwqdnin] C:\WINDOWS\system32\sclogv.exe r
O4 - HKLM\..\Run: [cycdnn] C:\WINDOWS\system32\xaqhrbk.exe r
O4 - HKLM\..\Run: [vzpnkf] C:\WINDOWS\system32\crbvdt.exe r
O4 - HKLM\..\Run: [nsismb] C:\WINDOWS\system32\kpxhomi.exe r
O4 - HKLM\..\Run: [oiajwe] C:\WINDOWS\system32\chefevb.exe r
O4 - HKLM\..\Run: [nhzvytw] C:\WINDOWS\system32\cwjcei.exe r
O4 - HKLM\..\Run: [zitiwu] C:\WINDOWS\system32\qzewyca.exe r
O4 - HKLM\..\Run: [svvnvrf] C:\WINDOWS\system32\iakgomn.exe r
O4 - HKLM\..\Run: [aybtrw] C:\WINDOWS\system32\rimrxfb.exe r
O4 - HKLM\..\Run: [vlxdsd] C:\WINDOWS\system32\npqfrr.exe r
O4 - HKLM\..\Run: [wyxctcn] C:\WINDOWS\system32\cuicmz.exe r
O4 - HKLM\..\Run: [nypiokm] C:\WINDOWS\system32\geprda.exe r
O4 - HKLM\..\Run: [kudrnfi] C:\WINDOWS\system32\ssguri.exe r
O4 - HKLM\..\Run: [lutvod] C:\WINDOWS\system32\kfygmap.exe r
O4 - HKLM\..\Run: [leaudu] C:\WINDOWS\system32\ghovhf.exe r

Please remember to close all other windows, including browsers then click Fix checked.
---------------------------------------------------------------------------------------------

Run SREng again.

Select 'System Repair' from the left pane
  • Click on 'File Association'
  • Select all entries that have an 'Error status' & click [Repair]

Refer to this image for an example:



In your case, it would be .JS

Close SREng now.
---------------------------------------------------------------------------------------------

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the “Temporary Files” and uncheck the box for “Scan drives for file matching” if it’s checked.
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with its updated definitions (it's important that all other windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
Restart in normal mode.
---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

A log will be produced that will ultimately be named C:\ComboFix.txt I'll need that in your next reply.
---------------------------------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware Results
Panda Results
C:\ComboFix.txt
New HijackThis log
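The two kinds of entries the fix list in this post is built from can be picked out of a HijackThis log mechanically: the O4 Run entries from the first post whose value names and image names are random lowercase strings dropped into system32 with a bare `r` argument, and the O3 toolbar whose CLSID points at `(no file)`. The Python script below is an added example written for this page; it is not part of the thread and not HijackThis code. The scoring rules (5 to 8 lowercase letters, a run of three or more consonants, a single-letter argument, a system directory, a threshold score of 3) are assumptions tuned to the naming seen in this log rather than any published signature. The sample lines are constructed: a few are excerpted from the log above and the rest are benign entries from the same log, included so the output shows what the heuristic leaves alone.

```python
"""Heuristic triage of HijackThis O3/O4 lines for dropper-style autostarts."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: lines excerpted from the log posted in this thread,
# including benign HP/Intel/Real/ctfmon entries to show what is not flagged.
SAMPLE_LOG = r"""
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [fwzehu] C:\WINDOWS\system32\rqvusk.exe r
O4 - HKLM\..\Run: [qwqdnin] C:\WINDOWS\system32\sclogv.exe r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O3_RE = re.compile(r'^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')

# "Random-looking" = 5-8 lowercase letters containing a run of 3+ consonants.
# These limits and the threshold are assumptions tuned to this log's naming.
LOWER_ALPHA = re.compile(r'^[a-z]{5,8}$')
CONSONANT_RUN = re.compile(r'[bcdfghjklmnpqrstvwxz]{3,}')
SYSTEM_DIRS = {'system32', 'windows'}
SUSPICION_THRESHOLD = 3


@dataclass
class Finding:
    line: str
    score: int
    reasons: tuple


def looks_random(token: str) -> bool:
    return bool(LOWER_ALPHA.match(token)) and bool(CONSONANT_RUN.search(token))


def split_command(cmd: str):
    """Split an O4 command line into (image path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    path, _, args = cmd.partition(' ')
    return path, args.strip()


def score_o4(name: str, cmd: str):
    """Score one Run entry; higher means more dropper-like."""
    path, args = split_command(cmd)
    image = PureWindowsPath(path)
    stem = image.stem
    score, reasons = 0, []
    if looks_random(stem):
        score += 1
        reasons.append(f'image name "{stem}" looks random')
    if looks_random(name) and name != stem:
        # A randomised value name that also differs from the file name is the
        # strongest signal in this log: legitimate software rarely does that.
        score += 2
        reasons.append(f'Run value "{name}" is random and differs from the image name')
    if re.fullmatch(r'[A-Za-z]', args):
        score += 1
        reasons.append(f'single-letter argument "{args}"')
    if image.parent.name.lower() in SYSTEM_DIRS:
        score += 1
        reasons.append('image dropped directly into a Windows system directory')
    return score, tuple(reasons)


def triage(log_text: str):
    """Return a Finding for every O3/O4 line that crosses the threshold."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O3_RE.match(line)
        if m and m.group('path') == '(no file)':
            findings.append(Finding(line, SUSPICION_THRESHOLD,
                                    ('toolbar CLSID registered but its DLL is missing',)))
            continue
        m = O4_RE.match(line)
        if m:
            score, reasons = score_o4(m.group('name'), m.group('cmd'))
            if score >= SUSPICION_THRESHOLD:
                findings.append(Finding(line, score, reasons))
    return findings


def hjt_fix_list(log_text: str):
    """The lines you would tick in 'Do a system scan only' before 'Fix checked'."""
    return [f.line for f in triage(log_text)]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.score}] {f.line}')
        for r in f.reasons:
            print(f'      - {r}')
```

Run it as a script to print the scored lines; `hjt_fix_list()` returns exactly the lines to tick. A score of 2 (hkcmd.exe and ctfmon.exe in the sample, both real Windows/Intel components that happen to have terse names in system32) means "look it up", not "remove": the heuristic is a triage aid, and the final call on a Run entry rests on the file's publisher signature and hash, which is the side the SREng "Verify Digital Signatures" option earlier in the thread covers.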
Old 01-28-2007, 07:05 AM   #9
Ascendancy, Registered User
Join Date: Jul 2006
Posts: 161
OS: Windows XP Professional SP3
Okay, here are all four of the logs. I attached them for clarity's sake.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:51:26 PM 1/27/2007

+ Scan result:



C:\Documents and Settings\Jake's Programming\My Documents\My Music\Limewire Downloads\Adobe_InDesign_CS2_Tryout_to_Full_Activation.zip/OS-Adobe_CS2_KeyGen_Tryout_to_Full.exe -> Dropper.Delf.xo : Cleaned.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP1780\A0151851.exe -> Dropper.Delf.xo : Cleaned.
:mozilla.387:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.105:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.171:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.172:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.173:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.174:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.175:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.176:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.404:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\isb6jq3j.Jake\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.351:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.353:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.354:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.355:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.356:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.357:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.19:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.420:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.204:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.205:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.206:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.207:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.208:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.209:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.117:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.17:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.217:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.218:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.219:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.220:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.33:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.34:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.35:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.38:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.39:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.140:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.87:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.88:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.89:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.92:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.165:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\isb6jq3j.Jake\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.166:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\isb6jq3j.Jake\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.167:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\isb6jq3j.Jake\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.866:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.93:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.94:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.432:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.90:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.91:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.433:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.434:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.435:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.436:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.41:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.42:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.199:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2ax82um2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.200:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2ax82um2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.220:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2ax82um2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.221:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.221:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2ax82um2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.222:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.222:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2ax82um2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.223:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.223:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2ax82um2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.224:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.224:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2ax82um2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.225:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.225:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\2ax82um2.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.226:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.249:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\isb6jq3j.Jake\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.250:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\isb6jq3j.Jake\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.251:C:\Documents and Settings\Jake\Application Data\Netscape\NSB\Profiles\isb6jq3j.Jake\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.347:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.348:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.349:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.350:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.352:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.385:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.386:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.342:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.343:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.344:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.72:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.329:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.330:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.331:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.18:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.231:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.232:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.233:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.234:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.235:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.236:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.237:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.238:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.239:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.240:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.152:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.153:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.154:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.166:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.167:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.210:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.211:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.212:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.213:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.214:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.215:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.364:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.365:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.366:C:\Documents and Settings\Jake's Programming\Application Data\Mozilla\Firefox\Profiles\mka9jobt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

---------------------


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/pacimedia Not disinfected Windows Registry
Adware:adware/superspider Not disinfected Windows Registry
Adware:adware/ieplugin Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\u57yjuqj.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\u57yjuqj.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\u57yjuqj.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\u57yjuqj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\u57yjuqj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\u57yjuqj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jake\Cookies\jake@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jake\Cookies\jake@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jake\Cookies\jake@doubleclick[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\gd5489bi.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
-------------------------

"Jake" - 07-01-28 8:54:56 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Jake\Desktop\My Stuff\Computer Protection Stuff"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\winupdates


((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 ))))))))))))))))))))))))))))))))))


2007-01-27 21:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-27 14:24 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-27 14:24 <DIR> d-------- C:\Program Files\Grisoft
2007-01-27 08:17 <DIR> d-------- C:\Program Files\Opera
2007-01-26 15:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-01-20 16:58 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-01-09 16:25 <DIR> d----c--- C:\j2sdk1.4.2_13
2007-01-07 20:52 <DIR> d-------- C:\DOCUME~1\Jake\Application Data\Dev-Cpp
2007-01-07 20:39 <DIR> d-------- C:\DOCUME~1\Jake\C Code
2007-01-07 20:02 4,698,168 --a--c--- C:\WINDOWS\system\php5ts.dll
2007-01-07 20:02 <DIR> d----c--- C:\php
2007-01-07 19:37 <DIR> d-------- C:\Program Files\Apache Software Foundation
2007-01-07 12:33 <DIR> d-------- C:\DOCUME~1\JAKE'S~1\Application Data\Webroot


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-28 08:55 -------- d-------- C:\Program Files\mozilla firefox
2007-01-27 21:42 -------- d-------- C:\DOCUME~1\Jake\Application Data\symantec
2007-01-27 21:37 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-27 21:36 -------- d-------- C:\Program Files\itunes
2007-01-27 21:36 -------- d-------- C:\Program Files\aim
2007-01-27 21:35 -------- d-------- C:\Program Files\messenger
2007-01-27 08:25 -------- d-------- C:\Program Files\Common Files\macromedia
2007-01-27 08:24 -------- d-------- C:\Program Files\macromedia
2007-01-26 15:20 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-25 19:25 -------- d-------- C:\DOCUME~1\Jake\Application Data\adobeum
2007-01-20 18:13 -------- d-------- C:\Program Files\vstplugins
2007-01-20 18:13 -------- d-------- C:\Program Files\sony
2007-01-20 18:13 -------- d-------- C:\DOCUME~1\Jake\Application Data\sony
2007-01-20 16:53 -------- d-------- C:\Program Files\turbotax
2007-01-20 10:04 -------- d-------- C:\DOCUME~1\Jake\Application Data\azureus
2007-01-19 22:13 -------- d-------- C:\Program Files\Common Files\hp
2007-01-18 20:32 -------- d-------- C:\DOCUME~1\Jake\Application Data\adobe
2007-01-09 16:30 -------- d-------- C:\Program Files\java
2007-01-07 12:03 -------- d-------- C:\Program Files\norton antivirus
2007-01-07 11:59 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2007-01-07 11:59 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-07 11:59 -------- d-------- C:\Program Files\symantec
2006-12-26 08:52 -------- d-------- C:\DOCUME~1\Jake\Application Data\opera
2006-12-10 21:03 -------- d-------- C:\Program Files\ac3filter
2006-12-09 09:39 -------- d-------- C:\Program Files\windows media connect 2
2006-11-28 19:17 -------- d-------- C:\DOCUME~1\Jake\Application Data\macromedia
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\SMARTB~1\\MotiveSB.exe"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"NAV CfgWiz"="\"C:\\Program Files\\Common Files\\Symantec Shared\\SymProbe.exe\" -r \"C:\\Program Files\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\""
"qwqdnin"="C:\\WINDOWS\\system32\\sclogv.exe r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AutoTBar"="; C:\\Program Files\\HP\\Digital Imaging\\bin\\AUTOTBAR.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"HP Component Manager"="; \"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="; \"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"HPHUPD05"="; \"c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe\""
"ISUSScheduler"="; \"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"iTunesHelper"="; \"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"UpdateManager"="; \"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"VTTimer"="; VTTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
"item"="QuickBooks Update Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Updates from HP.lnk"
"backup"="C:\\WINDOWS\\pss\\Updates from HP.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\UPDATE~1\\137903\\Program\\BACKWE~1.EXE -startup"
"item"="Updates from HP"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Verizon Online Support Center.lnk"
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VERIZO~1\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jake^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Jake\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=dword:00000002
"GEARSecurity"=dword:00000002
"AOL ACS"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job
C:\WINDOWS\tasks\wrSpySweeper20050904181745.job

Completion time: 07-01-28 9:02:42


--------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:03:38 AM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jake\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/exec/obidos/re...ww.amazon.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [qwqdnin] C:\WINDOWS\system32\sclogv.exe r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AutoTBar] ; C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Component Manager] ; "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] ; "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHUPD05] ; "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [ISUSScheduler] ; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateManager] ; "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] ; VTTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...05/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Attached Files
File Type: txt Report-Scan-20070127-175126.txt (42.1 KB, 2 views)
File Type: txt Activescan.txt (6.5 KB, 2 views)
File Type: txt ComboFix.txt (12.2 KB, 2 views)
File Type: txt hijackthislog.txt (10.1 KB, 2 views)

Last edited by tetonbob; 01-28-2007 at 08:14 AM.
01-28-2007, 05:41 PM, #10, forhockey (Analyst, Security Team)
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
---------------------------------------------------------------------------------------------

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (C:\BFU).

Do not do anything with these yet!
---------------------------------------------------------------------------------------------

P2P Software

P2P - I see you have P2P software Azureus installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Crack Programs

The use of crack programs is an open door for malware to enter your computer. I strongly discourage you from using such programs if you wish to keep your system clean in the future.

---------------------------------------------------------------------------------------------

Disable Webroot SpySweeper

Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable Webroot SpySweeper:
  • Go to the Options>Program Options
  • Uncheck Load at Windows Startup
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Click Browser Add-Ons and uncheck all items.
  • Exit Spysweeper.
---------------------------------------------------------------------------------------------

Please close any open browsers or windows before moving on
---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O4 - HKLM\..\Run: [qwqdnin] C:\WINDOWS\system32\sclogv.exe r

Please remember to close all other windows, including browsers then click Fix checked.
---------------------------------------------------------------------------------------------

Delete the following Files indicated in RED. Please reply back to whether or not the file existed.

C:\WINDOWS\system32\sclogv.exe

---------------------------------------------------------------------------------------------

Clear IE6 cookies
  1. On the Internet Explorer 6 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
  2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. This will delete all the files that are currently stored in your cache [that includes cookies too].
  3. Click OK, and then click OK again.

Clear Firefox Cookies
  • Click Tools -> Options
  • Click Privacy Tab
  • Click the "Show Cookies" button
  • Click the "Remove All Cookies" button, which is at the bottom of the window.
  • Click Close
---------------------------------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]
Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
-------------------------------------------------------------------------

Please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Beside the scriptline to execute field click the folder icon and select alcanshorty.bfu by double clicking on it.
  • Press Execute and let it do its job. (You ought to see a blue progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
-------------------------------------------------------------------------

Restart your computer
-------------------------------------------------------------------------

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
-------------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

Kaspersky Results
New HijackThis log


How is your system behaving now?
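The triage forhockey performs on the log above (singling out the O4 Run entry for sclogv.exe and noting the service whose binary is missing) can be scripted for a first pass. This is an added example, not code from the thread or from HijackThis; the heuristics it uses (an autorun in system32 that is not on a small known list, a vowel-poor machine-generated-looking autorun name, and an O23 service marked "(file missing)") are my own assumptions and only narrow what a human still has to review.

```python
import re

# Constructed sample log: a few lines in HijackThis v1.99.1 format, taken from
# the log posted in this thread, plus the clean ctfmon entry for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [qwqdnin] C:\WINDOWS\system32\sclogv.exe r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AutoTBar] ; C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

# Assumed allow-list: autorun executables that legitimately live in system32 on XP.
KNOWN_SYSTEM32 = {"ctfmon.exe"}
VOWELS = set("aeiouy")


def executable_of(cmd):
    """Pull the executable path out of an O4 command line, quoted or not."""
    cmd = cmd.strip().lstrip(";").strip()            # HP entries carry a leading '; '
    if cmd.startswith('"'):                           # quoted path: up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)  # unquoted: up to first .exe
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def looks_random(name):
    """Heuristic: 6+ lowercase letters with almost no vowels, e.g. 'qwqdnin'."""
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(1 for ch in name if ch in VOWELS)
    return vowels / len(name) < 0.25


def triage(log_text):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = []
        m = O4_RE.match(line)
        if m:
            name = m.group("name")
            exe = executable_of(m.group("cmd"))
            base = exe.rsplit("\\", 1)[-1].lower()
            if "\\system32\\" in exe.lower() and base not in KNOWN_SYSTEM32:
                reasons.append(f"autorun '{name}' launches unrecognised system32 file {base}")
            if looks_random(name):
                reasons.append(f"autorun name '{name}' looks machine-generated")
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            reasons.append(f"service '{m.group('name')}' points at a missing binary")
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```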
01-30-2007, 03:16 PM, #11, Ascendancy (Registered User)
Sorry, I don't have all the results yet. I just didn't want you to think I'm not doing anything with the problem. I haven't had a lot of time on the computer, but I am working through your list of steps, so rest assured I will post back the results soon!
01-30-2007, 04:13 PM, #12, forhockey (Analyst, Security Team)
Alright, thanks for letting me know.
01-31-2007, 04:06 PM, #13, Ascendancy (Registered User)
Here you go!
Attached Files
File Type: txt reposrt.txt (1.73 MB, 7 views)
File Type: txt hijackthis.txt (10.3 KB, 3 views)
02-01-2007, 06:32 PM, #14, forhockey (Analyst, Security Team)
Hi Ascendancy,

I notice that your Kaspersky scan got interrupted during its scan. Do you know why this happened?

---------------------------------------------------------------------------------------------

Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

Quote:
dir C:\WINDOWS\system32\sclogv.exe /a h > files.txt
notepad files.txt
Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here.
---------------------------------------------------------------------------------------------

P2P Software

P2P - I see you have P2P software Azureus, Limewire, & Morpheus installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
---------------------------------------------------------------------------------------------

Clear Firefox Cookies
  • Click Tools -> Options
  • Click Privacy Tab
  • Click the "Show Cookies" button
  • Click the "Remove All Cookies" button, which is at the bottom of the window.
  • Click Close


Clear IE6 cookies
  1. On the Internet Explorer 6 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
  2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. This will delete all the files that are currently stored in your cache [that includes cookies too].
  3. Click OK, and then click OK again.

Clear Netscape cookies
  1. Click Tools and select Options
  2. Select Privacy under Options on the left side of the screen
  3. Click Cache
  4. Click Clear Cache
  5. Click Clear
  6. Click OK
---------------------------------------------------------------------------------------------

How is your system behaving now?
02-02-2007, 02:38 PM, #15, Ascendancy (Registered User)
The reason that it stopped last time was that I was closing some windows, and I wasn't reading what they were. I saw that and I hit cancel by accident. I was going to start it over again, but it was at 99% so I figured that it had found everything you would need. If you want me to re-run it I will though. Here is what the batch file produced:

Volume in drive C is HP_PAVILION
Volume Serial Number is A042-31CA

Directory of C:\WINDOWS\system32


Directory of C:\Documents and Settings\Jake\Desktop
02-02-2007, 04:42 PM, #16, forhockey (Analyst, Security Team)
How is your system behaving?
02-03-2007, 02:48 PM, #17, Ascendancy (Registered User)
It seems to be doing a lot better from what I can tell. I can have plenty of programs open and still have it running nicely.
02-03-2007, 06:43 PM, #18, forhockey (Analyst, Security Team)
Well done, your logs are clean! There are just a few more things I would like you to do.

Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

Reset System Restore

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Re-enable Webroot SpySweeper

To re-enable Webroot SpySweeper:
  • Go to the Options>Program Options
  • Check Load at Windows Startup
  • Click Shields on the left.
  • Click Internet Explorer and check all items.
  • Click Windows System and check all items.
  • Click Startup Programs and check all items.
  • Click Browser Add-Ons and check all items.
  • Exit Spysweeper.

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on its homepage.
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
  • SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls


Informational Reading

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles:
Please respond to this thread one more time so we can mark this thread as resolved.
02-04-2007, 07:58 AM, #19, Ascendancy (Registered User)
Thanks for all your help! I really enjoyed the firewall article, and I'll be checking out those other readings as well.
02-04-2007, 08:29 AM, #20, forhockey (Analyst, Security Team)
You're welcome. Take care.