Sign in to follow this  
jmerrill8

:( I have tfthot.exe and don't know how to get rid of it.

Recommended Posts

My computer is unusable... I have tried logging in under safe mode and running Trend Micro's virus scan and spybot search & destroy.

 

I'm not sure what to do next?

Share this post


Link to post
Share on other sites

Hi jmerrill8, Welcome to the forum ;)

 

Can you post a HijackThis log and I will be happy to check it over for any problems.

 

Download HijackThis

 

Save it in a convenient permanent folder such as C:\HijackThis\

 

Run HijackThis and choose Do a system scan and save a logfile

When the scan is finished, it will open the results in notepad and also save them into the HijackThis folder.

 

Please post the full contents of the logfile back on here

 

Most of what it lists will be harmless or essential, don't fix anything yet.

 

Regards

 

Andy

Share this post


Link to post
Share on other sites

I'm also experiencing this as well... Here is my hijackthis log file.

 

Thanks for your help--

 

Logfile of HijackThis v1.99.1

Scan saved at 1:48:03 PM, on 7/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

F:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

F:\Program Files\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\wltray.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\WINDOWS\system32\18773b9f.exe

C:\WINDOWS\system32\13f7c6c5.exe

C:\WINDOWS\thiselt.exe

C:\WINDOWS\system32\mptft.exe

C:\WINDOWS\system32\bdpn.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ssec.exe

C:\WINDOWS\system32\tfthot.exe

C:\Program Files\Common Files\{B06BD4E8-086E-1033-0114-040607040001}\Update.exe

C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\PROGRA~1\MANTEC~1\explorer.exe

C:\WINDOWS\system32\WgaTray.exe

C:\DOCUME~1\Russ\MYDOCU~1\DOBE~1\smss.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Russ\Desktop\HijackThis.exe

C:\WINDOWS\system32\tfthot.exe

C:\WINDOWS\system32\tfthot.exe

C:\WINDOWS\system32\tfthot.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.1.1:8080

R3 - URLSearchHook: (no name) - <default> - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\yhgop.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,kcnrais.exe

O1 - Hosts: 72.232.111.34 l2testauthd.lineage2.com #st0rm

O1 - Hosts: 72.232.111.34 l2authd.lineage2.com #st0rm

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll

O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll

O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [GameDrive] F:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore /Silence

O4 - HKLM\..\Run: [smcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [18773b9f.exe] C:\WINDOWS\system32\18773b9f.exe

O4 - HKLM\..\Run: [13f7c6c5.exe] C:\WINDOWS\system32\13f7c6c5.exe

O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe

O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe

O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"

O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe

O4 - HKLM\..\Run: [win320924-13351104] C:\WINDOWS\win320924-13351104.exe

O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [13f7c6c5.exe] C:\Documents and Settings\Russ\Local Settings\Application Data\13f7c6c5.exe

O4 - HKCU\..\Run: [Ocrp] "C:\PROGRA~1\MANTEC~1\explorer.exe" -vt yazr

O4 - HKCU\..\Run: [18773b9f.exe] C:\Documents and Settings\Russ\Local Settings\Application Data\18773b9f.exe

O4 - HKCU\..\Run: [Jlnj] C:\DOCUME~1\Russ\MYDOCU~1\DOBE~1\smss.exe

O4 - HKCU\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - Startup: Indigo Prophecy Registration.lnk = C:\WINDOWS\Installer\MSI38.tmp

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.elitemediagroup.net

O15 - Trusted Zone: *.i-lookup.com

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.mmohsix.com

O15 - Trusted Zone: *.offshoreclicks.com

O15 - Trusted Zone: *.teensguru.com

O15 - Trusted Zone: http://click.getmirar.com (HKLM)

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...oad/tgctlcm.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs: scanregw.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - F:\Program Files\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe (file missing)

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe (file missing)

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

Share this post


Link to post
Share on other sites

Hi Nightraine

 

This is someone elses thread so it would of been best to start a new topic but we may as well continue now you have post the log,

 

That is a very infected machine you have :)

 

Id like to see the contents of the Add/Remove screen before we start to manually remove all the files to see which programs have uninstallers present but lets start with getting rid of Qoologic and SurfSideKick then we can deal with the rest in the next post

 

Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip

  1. Unzip all files to a convenient location such as C:\Qoofix.
  2. Go to the folder you unzipped all files and run Qoofix.exe.
  3. Click Begin Removal and wait for the scan to finish.
  4. If an infection has been found, select yes to restart your computer.

Post the contents of the Qoofix logfile which is saved to the same location as Qoofix into your next post.

 

Goto Start Menu > Control Panel > Add or Remove Programs and remove SurfSideKick , enter the number on screen and then reboot the pc when prompted

 

Finally generate a list of the Add/Remove screen entries

 

Open Hijackthis, Click Open the Misc tools section Then click the Open Uninstall Manager... button.

The Add/Remove Programs Manager panel should appear.

In this panel click the Save list button.

Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

 

Please then post back the Add/remove screen list and the Qoofix logfile

 

Cheers

 

Andy

Share this post


Link to post
Share on other sites

Thanks for all your help, Andy.

 

Qoofix logfile (initial):

 

Qoofix v1.02 by http://www.malwarebytes.org

Scan started on [7/12/2006] at [7:47:54 AM]

-------------------------------------------------------------

No malicious modules found!

-------------------------------------------------------------

No Qoologic infected files found!

-------------------------------------------------------------

Scan COMPLETED SUCCESSFULLY on [7/12/2006] at [7:48:48 AM]

 

Note: Some registry keys may have been removed.

 

 

-- When I attempted to save the uninstall_list.txt, Hijackthis closes down before the save dialog box.

 

Qoofix logfile (after removing SurfSidekick)

 

Qoofix v1.02 by http://www.malwarebytes.org

Scan started on [7/12/2006] at [8:02:04 AM]

-------------------------------------------------------------

No malicious modules found!

-------------------------------------------------------------

No Qoologic infected files found!

-------------------------------------------------------------

Scan COMPLETED SUCCESSFULLY on [7/12/2006] at [8:02:18 AM]

 

Note: Some registry keys may have been removed.

 

Thanks again,

Russ

Share this post


Link to post
Share on other sites

Hi Russ

 

That didnt go very well, time for plan B :P

 

Can you disable the Real Time protection on Microsoft Anti-Spyware so it doesnt interfere with the HijackThis fixes or Malware removal

  • Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye).
  • Click on "Security Agents Status".
  • Click on "Disable real-time protection".

You can reenable it once your system is clean.

 

Copy and paste this reply to Notepad and save it to your desktop as some steps will require all browser windows closing and rebooting the PC.

 

Check the Add/Remove screen for these and remove them if found: PurityScan, OuterInfo Network, QuickLinks, Toolbar888, EliteMediaGroup and any programs by OIN if they are on the list, reboot if you remove any.

 

Once that's done run Hijack This and choose Do A System Scan then place a check next to these entries

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ht*p://www.2020search.com/search/9884/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = ht*p://www.2020search.com/search/9884/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ht*p://www.2020search.com/search/9884/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ht*p://www.mrfindalot.com/search.asp?si=20069&k=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = ht*p://www.mrfindalot.com/search.asp?si=20069&k=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R3 - URLSearchHook: (no name) - <default> - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\yhgop.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,kcnrais.exe

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll

O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [18773b9f.exe] C:\WINDOWS\system32\18773b9f.exe

O4 - HKLM\..\Run: [13f7c6c5.exe] C:\WINDOWS\system32\13f7c6c5.exe

O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe

O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe

O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"

O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe

O4 - HKLM\..\Run: [win320924-13351104] C:\WINDOWS\win320924-13351104.exe

O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [13f7c6c5.exe] C:\Documents and Settings\Russ\Local Settings\Application Data\13f7c6c5.exe

O4 - HKCU\..\Run: [Ocrp] "C:\PROGRA~1\MANTEC~1\explorer.exe" -vt yazr

O4 - HKCU\..\Run: [18773b9f.exe] C:\Documents and Settings\Russ\Local Settings\Application Data\18773b9f.exe

O4 - HKCU\..\Run: [Jlnj] C:\DOCUME~1\Russ\MYDOCU~1\DOBE~1\smss.exe

O4 - HKCU\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll

O15 - Trusted Zone: *.elitemediagroup.net

O15 - Trusted Zone: *.i-lookup.com

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.mmohsix.com

O15 - Trusted Zone: *.offshoreclicks.com

O15 - Trusted Zone: *.teensguru.com

O15 - Trusted Zone: ht*p://click.getmirar.com (HKLM)

O15 - Trusted Zone: ht*p://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: ht*p://redirect.mirarsearch.com (HKLM)

O15 - Trusted Zone: ht*p://awbeta.net-nucleus.com (HKLM)

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - ht*p://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - ht*p://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - ht*p://awbeta.net-nucleus.com/FIX/WinATS.cab

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs: scanregw.dll

Close all open browser and other windows except for Hijack This and press the Fix Checked button

 

Dont worry if it shows a error when trying to fix the 020 entry.

 

Download Killbox from Here

 

http://www.killbox.net/downloads/KillBox.exe

 

Click killbox.exe

 

Select the option "Delete on reboot".

 

Click the button: All Files (Important!)

Now it should flash green.

 

Next copy the contents of the code box to clipboard by left clicking and covering the text then right click inside the highlighted area and choose Copy:

 

C:\WINDOWS\system32\18773b9f.exe
C:\WINDOWS\system32\13f7c6c5.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\bdpn.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\win320924-13351104.exe
C:\WINDOWS\system32\ssec.exe
C:\Documents and Settings\Russ\Local Settings\Application Data\13f7c6c5.exe
C:\Documents and Settings\Russ\Local Settings\Application Data\18773b9f.exe
C:\PROGRA~1\MANTEC~1\explorer.exe
C:\PROGRA~1\MANTEC~1
C:\DOCUME~1\Russ\MYDOCU~1\DOBE~1\smss.exe
C:\DOCUME~1\Russ\MYDOCU~1\DOBE~1
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\scanregw.dll
C:\WINDOWS\scanregw.dll
C:\WINDOWS\system32\tfthot.exe
C:\Program Files\Common Files\{B06BD4E8-086E-1033-0114-040607040001}\Update.exe
C:\Program Files\Common Files\{B06BD4E8-086E-1033-0114-040607040001}

 

After copying the above text to Clipboard click File on the killbox menu bar and choose Paste From Clipboard

 

Then press the Delete File button (Red Circle with a White X).

Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES

If you don't get that message, reboot manually.

 

Your computer should reboot now.

 

Finally can you export some information from your registry:

 

Open Notepad (Start Menu > Run > Type notepad and press OK)

 

Copy and Paste the contents of the code box into Notepad

 

if exist Export.txt del /q Export.txt

regedit /e Check1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies"
regedit /e Check2.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
Type Check*.txt > Export.txt
del /q Check*.txt
regedit /e Uninstall1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]>>Uninstall.txt
FIND "DisplayName" < Uninstall1.txt | find /v "QuietDisplayName" | find /v "ParentDisplayName" | find /v "WebFldrs XP" >>Uninstall.txt
Type Uninstall.txt >>Export.txt
del /q Uninstall*.txt
Notepad Export.txt

 

Goto File on the top bar and choose Save As, Change the Save As Type to All Files, Name it Check.bat then save it to your desktop

 

Double click Check.bat and it will export the contents of the policy keys and the Uninstall key and open the information in notepad, please post the contents of that text file (Export.txt) back on the forum

 

Please then post back a new HijackThis log and the above reg export (Export.txt) , let us know if you have any problems or questions

 

Thanks

 

Andy

Share this post


Link to post
Share on other sites

Export.txt --

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoDriveAutoRun"=dword:00800200

"NoActiveDesktopChanges"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]

"wininet.dll"="regperf.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]

"{17492023-C23A-453E-A040-C7C580BBF700}"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum]

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001

"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

"DisableTaskMgr"=dword:00000000

 

Windows Registry Editor Version 5.00

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"{B06BD4E8-086E-1033-0114-040607040001}"="\"C:\\Program Files\\Common Files\\{B06BD4E8-086E-1033-0114-040607040001}\\Update.exe\" mc-110-12-0000272"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"DisplayName"="EA SPORTS online 2006"

"DisplayName"="Ad-Aware SE Personal"

"DisplayName"="Adobe Acrobat 5.0"

"DisplayName"="Adobe Download Manager 2.0 (Remove Only)"

"DisplayName"="AGEIA PhysX v2.3.3"

"#DisplayName"="Ahead Manuals and Guides"

"ShowDisplayName"=dword:00000000

"DisplayName"="Alarm Clock v1.0"

"DisplayName"="Alt WAV MP3 WMA OGG Converter Version 4.01"

"DisplayName"="Autodesk DWF Viewer"

"DisplayName"="AviSynth 2.5"

"DisplayName"="Azureus"

"DisplayName"="C-Media 3D Audio"

"DisplayName"="C-Media WDM Audio Driver"

"DisplayName"="CCleaner (remove only)"

"DisplayName"="CDisplay 1.8"

"DisplayName"="City of Villains/City of Heroes (remove only)"

"DisplayName"="Collab"

"DisplayName"="DirectVobSub (remove only)"

"DisplayName"="DOOM Collector's Edition"

"DisplayName"="DVD Shrink 3.2"

"DisplayName"="EMS 9.0 at 10.185.40.8"

"DisplayName"="EMS 9.0 at 10.185.41.8"

"DisplayName"="eMule"

"DisplayName"="Family Feud (remove only)"

"DisplayName"="ffdshow"

"DisplayName"="FL Studio 6"

"DisplayName"="GameSpy Arcade"

"DisplayName"="HijackThis 1.99.1"

"DisplayName"="Homeworld2"

"DisplayName"="EA downloader"

"DisplayName"="iTunes"

"DisplayName"="Lineage II"

"DisplayName"="Fable - The Lost Chapters"

"DisplayName"="Call of Duty® 2"

"DisplayName"="InterActual Player"

"DisplayName"="Inzomia viewer 1.60"

"DisplayName"="IsoBuster 1.9"

"DisplayName"="Windows XP Hotfix - KB873339"

"DisplayName"="Windows XP Hotfix - KB885250"

"DisplayName"="Windows XP Hotfix - KB885835"

"DisplayName"="Windows XP Hotfix - KB885836"

"DisplayName"="Windows XP Hotfix - KB886185"

"DisplayName"="Windows XP Hotfix - KB887472"

"DisplayName"="Windows XP Hotfix - KB888113"

"DisplayName"="Windows XP Hotfix - KB888302"

"DisplayName"="Windows XP Hotfix - KB891781"

"DisplayName"="Update for Windows XP (KB900485)"

"DisplayName"="Security Update for Windows XP (KB908531)"

"DisplayName"="Security Update for Windows XP (KB911280)"

"DisplayName"="Security Update for Windows XP (KB911562)"

"DisplayName"="Security Update for Windows XP (KB911567)"

"DisplayName"="Security Update for Windows XP (KB912812)"

"DisplayName"="Security Update for Windows XP (KB913580)"

"DisplayName"="Security Update for Windows XP (KB914389)"

"DisplayName"="Security Update for Windows XP (KB916281)"

"DisplayName"="Security Update for Windows XP (KB917344)"

"DisplayName"="Security Update for Windows Media Player 10 (KB917734)"

"DisplayName"="Security Update for Windows XP (KB917953)"

"DisplayName"="Security Update for Windows XP (KB918439)"

"DisplayName"="K-Lite Mega Codec Pack 1.53"

"DisplayName"="KXploit Tool"

"DisplayName"="Microsoft .NET Framework 1.1 Hotfix (KB886903)"

"DisplayName"="Microsoft .NET Framework 1.1"

"DisplayName"="Microsoft .NET Framework 2.0"

"DisplayName"="mIRC"

"DisplayName"="Mozilla (1.7.12)"

"DisplayName"="Mozilla Firefox (1.5.0.4)"

"#DisplayName"="InCD Reader"

"ShowDisplayName"=dword:00000000

"DisplayName"="MSN Music Assistant"

"#DisplayName"="Nero OEM"

"ShowDisplayName"=dword:00000000

"DisplayName"="Nero PhotoShow Elite"

"DisplayName"="Nero Suite"

"#DisplayName"="NeroVision Express 2"

"ShowDisplayName"=dword:00000000

"#DisplayName"="Nero Media Player"

"ShowDisplayName"=dword:00000000

"#DisplayName"="NeroVision Express Content"

"ShowDisplayName"=dword:00000000

"DisplayName"="NVIDIA Drivers"

"DisplayName"="Ogg Converter"

"DisplayName"="PowerISO"

"DisplayName"="PSP Video 9 1.62"

"DisplayName"="Logitechr Camera Driver"

"DisplayName"="Roguescanfix 1.4"

"DisplayName"="Skype 2.0"

"DisplayName"="Soldier of Fortune II - Double Helix"

"DisplayName"="Spybot - Search & Destroy 1.4"

"DisplayName"="TeamSpeak 2 RC2"

"DisplayName"="TotalBF2 Map Pack 3"

"DisplayName"="UniUploader"

"DisplayName"="Unreal Tournament"

"DisplayName"="VideoLAN VLC media player 0.8.4a"

"DisplayName"="VIA Rhine-Family Fast Ethernet Adapter"

"DisplayName"="Warez P2P Client 2.93"

"DisplayName"="Windows Genuine Advantage Validation Tool"

"DisplayName"="Windows Genuine Advantage Notifications (KB905474)"

"DisplayName"="WildTangent Web Driver"

"DisplayName"="Winamp (remove only)"

"DisplayName"="Windows Media Format Runtime"

"DisplayName"="Windows Media Player 10"

"DisplayName"="Windows XP Service Pack 2"

"DisplayName"="WinRAR archiver"

"DisplayName"="WinZip"

"DisplayName"="Windows Media Connect"

"DisplayName"="World of Warcraft"

"DisplayName"="Xbox 360 Controller for Windows"

"DisplayName"="Xfire (remove only)"

"DisplayName"="Yahoo! Toolbar"

"DisplayName"="Yahoo! Toolbar"

"DisplayName"="Logitech iTouch Software"

"DisplayName"="Battlefield 2"

"DisplayName"="Lineage II"

"DisplayName"="Sunbelt CounterSpy"

"DisplayName"="Call of Duty® 2 Patch 1.2"

"DisplayName"="Prey"

"DisplayName"="EA downloader"

"DisplayName"="iTunes"

"DisplayName"="Lineage II"

"DisplayName"="FEAR"

"DisplayName"="J2SE Runtime Environment 5.0 Update 2"

"DisplayName"="J2SE Runtime Environment 5.0 Update 5"

"DisplayName"="J2SE Runtime Environment 5.0 Update 6"

"DisplayName"="Oblivion"

"DisplayName"="Star Wars Battlefront II"

"DisplayName"="Google Earth"

"DisplayName"="DAEMON Tools"

"DisplayName"="Pinnacle Game Profiler"

"DisplayName"="Battlefield 2: Special Forces"

"DisplayName"="VPN Client"

"DisplayName"="Logitech Gaming Software"

"DisplayName"="Windows Genuine Advantage v1.3.0254.0"

"DisplayName"="Microsoft Streets and Trips 2005"

"DisplayName"="Microsoft .NET Framework 2.0"

"DisplayName"="Ventrilo Client"

"DisplayName"="Belkin Wireless Utility"

"DisplayName"="Microsoft Office Professional Edition 2003"

"DisplayName"="Hitman Blood Money"

"DisplayName"="MSN Messenger 7.0"

"DisplayName"="Adobe Reader 7.0.8"

"DisplayName"="NASCARr Racing 2003 Season"

"DisplayName"="Fable - The Lost Chapters"

"DisplayName"="Logitech QuickCam Software"

"DisplayName"="Microsoft .NET Framework 1.1"

"DisplayName"="Call of Duty® 2"

"DisplayName"="GameDrive"

"DisplayName"="Black & Whiter 2"

"DisplayName"="Autodesk 3ds Max 8"

"DisplayName"="Rockbox version 2.5"

"DisplayName"="Ghost Recon Advanced Warfighter"

"DisplayName"="Sygate Personal Firewall"

 

HijackThis Logfile

 

Logfile of HijackThis v1.99.1

Scan saved at 2:43:31 PM, on 7/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

F:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

F:\Program Files\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wltray.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Russ\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.1.1:8080

O1 - Hosts: 72.232.111.34 l2testauthd.lineage2.com #st0rm

O1 - Hosts: 72.232.111.34 l2authd.lineage2.com #st0rm

O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [GameDrive] F:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore /Silence

O4 - HKLM\..\Run: [smcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - Startup: Indigo Prophecy Registration.lnk = C:\WINDOWS\Installer\MSI38.tmp

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...oad/tgctlcm.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - F:\Program Files\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe (file missing)

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe (file missing)

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

 

Thanks for the response,

Russ

Share this post


Link to post
Share on other sites

Hi Russ , Nice work, that's looking alot better :huh:

 

I forgot to mention putting HijackThis into a folder so the backups are kept with the program so could you do that first, right click an empty space on the desktop and choose New then Folder, name it HJT or HijackThis then left click the HijackThis.exe file and drag it over the new folder, release the mouse button and it will go into the folder. Also move the Backups folder into the HijackThis folder.

 

Delete the NewDotNet folder (I left it off the last list incase it had a Add/Remove screen entry)

 

C:\ProgramFiles\NewDotNet

 

(It shows as NEWDOT~1 in the log so there could be any letters after NEWDOT but it will likely say NewDotNet and hopefully be easy enough to find)

 

Can you send me a copy of the Killbox folder if you get the time so I can have a closer look at the infections, Goto Start Menu > My Computer > C:\drive and then locate !Killbox Right click that folder and choose Send To then Compressed Zipped Folder. This will create a copy of the !Killbox folder and add it to another location on C:\Drive, Right click that zipped folder (!Killbox.zip) and choose Explore then goto file on the top bar and choose Add a Password , make the password malware (all lowercase letters) and send it to

 

AndyManchesta(AT) hotmail.com (replace (AT) with @)

 

You can then delete the C:\!Killbox folder and the !Killbox.zip folder as it contains backups of what we removed and they are not needed now.

 

Open Notepad (Start Menu > Run > Type notepad and press OK)

 

Copy and Paste the contents of the code box into Notepad making REGEDIT4 the top line.

 

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

 

Goto File on the top bar and choose Save As, Change the Save As Type to All Files, Name it Fix.reg then save it to your desktop

 

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes and the reg key's will be removed.

 

Run Hijack This and choose Do A System Scan then place a check next to these entries

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - ht*p://awbeta.net-nucleus.com/FIX/WinATS.cab

O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll

Close all open browser and other windows except for Hijack This and press the Fix Checked button

 

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

 

Next Download Ewido Anti-Spyware

  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")

Exit Ewido for now as we will be using it again in safe mode.

 

Run Ccleaner and press the Run Cleaner button to remove Temp files from your system.

 

Then or copy the below instructions to a Notepad file and save it to your desktop for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

 

Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

 

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

 

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

 

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

 

Running option #2 will remove your Desktop background because Trojans related to these infections sometimes set a spyware warning as a wallpaper that cannot be removed, once the system reboots you can then restore the Wallpaper you want to use.

  • Run Ewido Anti-Spyware
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • Ewido will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back

Reboot Back To Normal Mode.

 

Please then post back the SmitfraudFix report (C:\rapport.txt), the Ewido log and a new HijackThis log

 

Cheers

 

Andy

Share this post


Link to post
Share on other sites

Andy,

When I tried to send the !Killbox.zip, Gmail stated it could not send mail with an executable file. Here is the ewido log file part a. Due to length ewido partb, smitfraud, and HijackThis will be on following post.

 

THANKS!!!!

 

 

ewido

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 6:40:44 PM 7/12/2006

 

+ Scan result:

 

 

 

HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).

HKU\S-1-5-21-776561741-1532298954-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).

HKU\S-1-5-21-776561741-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined).

HKU\S-1-5-21-776561741-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).

HKU\S-1-5-21-776561741-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E422F49-1566-40D3-B43D-077EF739AC32} -> Adware.Generic : Cleaned with backup (quarantined).

C:\WINDOWS\system32ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).

C:\Program Files\Mozilla Firefox\npdlplug-1.5.0.0-147-setup.exe/DlPlugin-Moz\buddy.exe -> Adware.Lop : Error during cleaning.

F:\Program Files\Download Plugin\DlPlugin-Moz\buddy.exe -> Adware.Lop : Cleaned with backup (quarantined).

C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).

C:\Program Files\Microsoft AntiSpyware\Quarantine\11CF2A6F-74B9-45BD-AC01-B2A511\DC78D867-D692-48F4-BEB1-186776 -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\Program Files\Microsoft AntiSpyware\Quarantine\11CF2A6F-74B9-45BD-AC01-B2A511\E522844C-4406-4A9D-BBB7-F7A357 -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\!KillBox\scanregw.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\!KillBox\smss.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\SecTaskMan\scanregw.dll.q_8044001_q -> Adware.PurityScan : Cleaned with backup (quarantined).

F:\!KillBox.rar/!KillBox\scanregw.dll -> Adware.PurityScan : Error during cleaning.

F:\!KillBox.rar/!KillBox\smss.exe -> Adware.PurityScan : Error during cleaning.

C:\WINDOWS\system32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).

C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\Cache(3)\01A62C97d01 -> Adware.Trymedia : Cleaned with backup (quarantined).

C:\WINDOWS\system32\iiffdcb.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\SecTaskMan\DLP.dll.q_2CFF201_q -> Adware.Webdir : Cleaned with backup (quarantined).

HKU\S-1-5-21-776561741-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Cleaned with backup (quarantined).

C:\!KillBox\win320924-13351104.exe -> Backdoor.Small : Cleaned with backup (quarantined).

F:\!KillBox.rar/!KillBox\win320924-13351104.exe -> Backdoor.Small : Error during cleaning.

C:\WINDOWS\zuckdha.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).

C:\WINDOWS\scvhost.exe -> Downloader.IstBar.jz : Cleaned with backup (quarantined).

C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.cp : Cleaned with backup (quarantined).

F:\Misc\WarezP2P.exe -> Downloader.Small : Cleaned with backup (quarantined).

C:\Documents and Settings\Russ\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).

C:\WINDOWS\unin101.exe -> Hijacker.Small : Cleaned with backup (quarantined).

:mozilla.200:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.201:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.202:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.203:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.204:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.205:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.206:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.207:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.208:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.209:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.210:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.211:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.212:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.213:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.214:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.215:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.216:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.217:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.218:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.219:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.220:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.222:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.223:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.224:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.225:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.226:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.227:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.228:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.229:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.230:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.231:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.232:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.233:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.234:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.235:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.236:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.237:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.238:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.239:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.240:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.241:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.451:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.491:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.667:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.242:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.921:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.439:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Addynamix : Cleaned.

:mozilla.440:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Addynamix : Cleaned.

:mozilla.601:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.

:mozilla.602:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.

:mozilla.603:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.

:mozilla.604:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.

:mozilla.505:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.506:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.507:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.508:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.509:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.564:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.

:mozilla.565:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.

:mozilla.566:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.

:mozilla.567:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.

:mozilla.186:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.187:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.188:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.189:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.190:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.193:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.621:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Adviva : Cleaned.

:mozilla.148:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.434:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Bfast : Cleaned.

:mozilla.453:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.552:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.

:mozilla.550:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.551:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.553:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.411:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.412:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.413:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.414:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.415:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.416:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.417:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.340:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.341:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.342:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.343:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.625:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.634:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.635:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.636:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.637:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.638:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.428:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.

:mozilla.145:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.146:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.147:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.617:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.464:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.465:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.466:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.467:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.483:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.484:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.485:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.557:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.558:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.559:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.560:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.447:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Findwhat : Cleaned.

:mozilla.640:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.641:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.642:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.643:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.644:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.645:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.646:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.647:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.648:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.649:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.650:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.652:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.653:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.654:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.655:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.656:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.657:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.678:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.859:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.918:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.939:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.953:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.954:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.914:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Hotlog : Cleaned.

:mozilla.299:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Masterstats : Cleaned.

:mozilla.50:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.51:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.827:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.828:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.829:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.830:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.831:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned.

:mozilla.554:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.555:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.367:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.368:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.369:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.370:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.371:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.432:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned.

:mozilla.433:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned.

:mozilla.528:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.529:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.530:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.531:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.383:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.384:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.385:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.386:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.387:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.388:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.389:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.390:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.501:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.502:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.503:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.504:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.510:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.511:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.512:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.513:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.514:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.515:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.516:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.517:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.518:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.362:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.363:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.364:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.365:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.366:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.101:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.102:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.103:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.104:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.105:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.106:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.107:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.108:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.109:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.110:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.111:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.112:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.113:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.114:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.115:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.116:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.117:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.118:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.119:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.120:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.121:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.122:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.123:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.124:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.125:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.126:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.127:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.128:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.129:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.130:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.131:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.132:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.82:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.83:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.84:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.85:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.86:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.87:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.88:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.89:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.90:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.91:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.92:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.93:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.94:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default

Share this post


Link to post
Share on other sites

User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.95:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.96:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.97:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.98:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.99:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.

:mozilla.755:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexlist : Cleaned.

:mozilla.756:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexlist : Cleaned.

:mozilla.757:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexlist : Cleaned.

:mozilla.758:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sexlist : Cleaned.

:mozilla.249:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.250:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.251:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.252:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.253:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.254:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.258:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.266:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.298:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.54:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.58:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.59:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.60:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.61:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.760:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.761:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.762:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.763:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.764:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.765:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.766:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.767:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.768:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.769:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.770:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.771:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.772:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.773:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.774:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.775:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.776:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.777:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.778:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.779:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.780:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.519:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.520:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.521:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.522:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.523:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.526:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Targetnet : Cleaned.

:mozilla.544:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.

:mozilla.622:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.150:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.151:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.152:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.153:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.154:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.155:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.156:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.157:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.158:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.159:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.549:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Trafic : Cleaned.

:mozilla.374:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.375:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.376:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.377:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.378:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.379:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.576:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.577:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.578:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.579:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.580:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.581:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.822:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

:mozilla.18:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.19:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.20:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.21:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.22:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.23:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.24:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.25:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.26:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.27:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.28:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.29:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.30:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.435:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.436:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.437:C:\Documents and Settings\Russ\Application Data\Mozilla\Firefox\Profiles\6xda5sxq.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.

C:\WINDOWS\system32\__delete_on_reboot__w_i_n_e_i_j_3_2_._d_l_l_ -> Trojan.Agent.qt : Cleaned with backup (quarantined).

[1012] C:\WINDOWS\system32\wineij32.dll -> Trojan.Agent.qt : Error during cleaning.

 

 

 

::Report end

 

 

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 5:27:38 PM, on 7/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

F:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

F:\Program Files\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

F:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\wltray.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Russ\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.1.1:8080

O1 - Hosts: 72.232.111.34 l2testauthd.lineage2.com #st0rm

O1 - Hosts: 72.232.111.34 l2authd.lineage2.com #st0rm

O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [GameDrive] F:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore /Silence

O4 - HKLM\..\Run: [smcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - Startup: Indigo Prophecy Registration.lnk = C:\WINDOWS\Installer\MSI38.tmp

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...oad/tgctlcm.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - F:\Program Files\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe (file missing)

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe (file missing)

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

Share this post


Link to post
Share on other sites

SmitFraudFix v2.70

 

Scan done at 17:45:25.40, Wed 07/12/2006

Run from C:\Documents and Settings\Russ\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\DOCUME~1\Russ\FAVORI~1\Antivirus Test Online.url Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

SORRY ABOUT THE MULTIPLE POSTS :)

Share this post


Link to post
Share on other sites

Hi Russ

 

Don't worry about sending the killbox folder, usually if its in a password protected zipped folder the email scanner doesn't interfere with them but if it wouldn't send then just delete the C:\!KillBox and C:\!Killbox.zip folder from your system. Its also showing on your F:\Drive (F:\!KillBox.rar) so also delete that.

 

Delete this folder if it still exists:

 

C:\Documents and Settings\All Users\Application Data\SecTaskMan

 

It looks like you may have a Vundo infection here so we can check for that next. Ewido detected C:\WINDOWS\system32\wineij32.dll running in memory and that starts up from the Winlogon Notify key but there is no sign of it in the HijackThis log which might mean you have Vundo as that hides the 02 & 020 entries

 

Open hijackthis and click Open the Misc Tools section

 

Then click Delete a file on reboot

 

In the File Name field, copy and paste this:

 

C:\WINDOWS\system32\wineij32.dll

 

Then click Open

 

Hijackthis will tell you that this file will be deleted when the system reboots and ask you if you want to reboot now. Click Yes

 

Your system should then reboot

 

Please then download VundoFix.exe to your C:\Drive.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Cheers

 

Andy

Share this post


Link to post
Share on other sites
Sign in to follow this