Help - Search - Members - Calendar
Full Version: Popups etc.
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
crestedmango
Feb 24 2006, 05:57 PM
I completed all the instructions given in a thread:

Close all windows and log off of the Internet.

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg and save it on your Desktop.

CODE
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F5236793-603A-4E52-842E-A51574DF02BC}"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
Locate fixme.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Download Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it. Click on "Delete on Reboot", in the "Full Path of File to Delete" box, enter C:\WINNT\System32\Guard.tmp and click on the button with the white cross in a red circle. You will get a question "File will be Deleted on Next Reboot, Process & Reboot now?", answer "No". Do the same for the these files:
C:\WINNT\System32\ulnphost.dll
C:\WINNT\System32\l46olej31ho.dll
C:\WINNT\System32\mvp4l97q1.dll
C:\WINNT\System32\dHdim.dll
C:\WINNT\System32\ir8ol5l31.dll
C:\WINNT\System32\etb500.dll
C:\WINNT\System32\dktmsft.dll

after the last one click the button and answer "Yes". Let Killbox do it's work.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread. Also post a log from Find.bat


--------------------
user posted image
Proud member since 2004.

Only problem is once I ran hijackthis this is the logfile it made.


Logfile of HijackThis v1.99.1
Scan saved at 11:20:48 PM, on 2/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\cwh.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Glaikj\Ebujeas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\windows\winsysban11.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Shev\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Qqgvn] C:\Program Files\Glaikj\Ebujeas.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban11.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames11.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...e/bridge-c9.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\irjml5111.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hldiBBLg\command.exe (file missing)
O23 - Service: cwh - Warranty Corporation of America - C:\WINDOWS\cwh.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



None of the files posted where there, yet still I'm getting popups.
LoPhatPhuud
Feb 24 2006, 10:34 PM
PLease do not use custom fixes posted in threads for other logs. Those are for that log only and may not help you.


First:
Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


Second:
Please download, install, and update the free version of Ewido Security Suite:
http://www.ewido.net/en/download/

[1]From the main ewido screen, click on update in the left menu, then click the Start update button.

[2]After the update finishes (the status bar at the bottom will display "Update successful")


Close the program after updating (don't scan with it yet, we'll do that in SAFE MODE)

Copy the following instructions to have handy as you will need to be offline, in SAFE MODE and with IE closed so you will not be able to view this page during the process.

Reboot your PC into SAFE MODE

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Next, run a scan with Ewido.

[3]Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so please be patient

[4]If Ewido finds anything, it will pop up a notification. You can select "remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

[5]When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Copy and paste the results from that scan back here please for review :)

*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button :)


Third:
Run HiJackThis again and post a new log in this thread.
crestedmango
Feb 25 2006, 06:11 PM
Logfile of HijackThis v1.99.1
Scan saved at 11:57:24 PM, on 2/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\cwh.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Glaikj\Ebujeas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\windows\winsysban11.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Shev\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Qqgvn] C:\Program Files\Glaikj\Ebujeas.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban11.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames11.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...e/bridge-c9.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\tqrmsrv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hldiBBLg\command.exe (file missing)
O23 - Service: cwh - Warranty Corporation of America - C:\WINDOWS\cwh.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Look2Me-Destroyer V1.0.6

Scanning for infected files.....
Scan started at 2/25/2006 11:46:02 PM

Infected! C:\WINDOWS\system32\irjml5111.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP179\A0256235.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP179\A0257235.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP180\A0258233.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP180\A0258240.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0258289.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0258290.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0259240.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0259242.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260245.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260247.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260248.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260254.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260255.dll
Infected! C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0261254.dll
Infected! C:\WINDOWS\system32\i060lajm1doa.dll
Infected! C:\WINDOWS\system32\irjml5111.dll
Infected! C:\WINDOWS\system32\lv2s09f7e.dll
Infected! C:\WINDOWS\system32\n4p40e7qeh.dll
Infected! C:\WINDOWS\system32\o4840elqehqe0.dll
Infected! C:\WINDOWS\system32\o6pqlg7516.dll
Infected! C:\WINDOWS\system32\whnsta.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\irjml5111.dll
C:\WINDOWS\system32\irjml5111.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP179\A0256235.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP179\A0256235.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP179\A0257235.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP179\A0257235.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP180\A0258233.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP180\A0258233.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP180\A0258240.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP180\A0258240.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0258289.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0258289.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0258290.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0258290.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0259240.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0259240.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0259242.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0259242.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260245.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260245.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260247.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260247.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260248.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260248.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260254.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260254.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260255.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0260255.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0261254.dll
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP182\A0261254.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i060lajm1doa.dll
C:\WINDOWS\system32\i060lajm1doa.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irjml5111.dll
C:\WINDOWS\system32\irjml5111.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lv2s09f7e.dll
C:\WINDOWS\system32\lv2s09f7e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n4p40e7qeh.dll
C:\WINDOWS\system32\n4p40e7qeh.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o4840elqehqe0.dll
C:\WINDOWS\system32\o4840elqehqe0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o6pqlg7516.dll
C:\WINDOWS\system32\o6pqlg7516.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\whnsta.dll
C:\WINDOWS\system32\whnsta.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
LoPhatPhuud
Feb 26 2006, 12:25 AM
First:
Messenger Plus! 3 (and it predecessors) are a source of malware and will eventually compromise your system, if it has not already.

I strongly suggest that you remove Messenger Plus. Here's a page with instructions for proper removal of Messenger plus and it's sponsor.

http://chooseknowledge.com/How-to-uninstal...senger-Plus.htm


Second:
Launch Notepad.
Copy/paste the text in the box below into a new text file.
Save it as fixme.reg on your Desktop

CODE
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Shell Extentions"=-



Locate fixme.reg on your Desktop and double-click on it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

Answer 'Yes' and wait for a message to appear similar to "Merged Successfully".


Third:
Open a Command Prompt Window (Start -> Run -> cmd)
Enter the following commands: (then press 'Enter')
sc stop cmdService
sc delete cmdService
exit


Last:
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
(note: If any R* items mark for deletion, do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [Qqgvn] C:\Program Files\Glaikj\Ebujeas.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban11.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames11.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...e/bridge-c9.cab

O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\tqrmsrv.dll

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hldiBBLg\command.exe (file missing)

Close all windows except HijackThis and click Fix checked.


While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\Program Files\Glaikj\ <--delete entire folder
C:\Program Files\winupdates\ <--delete entire folder
C:\windows\winsysupd11.exe
C:\windows\winsysban11.exe
C:\windows\gimmygames11.exe

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
crestedmango
Feb 26 2006, 03:13 AM
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:19:58 AM, 2/26/2006
+ Report-Checksum: 4930A842

+ Scan result:

HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Adware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Adware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
[672] C:\WINDOWS\system32\ikmpagnt.dll -> Adware.Look2Me : Error during cleaning
[788] C:\WINDOWS\system32\ikmpagnt.dll -> Adware.Look2Me : Error during cleaning
:mozilla.6:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Epilot : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.413:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.417:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\5fr7f9eh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Shev\Application
crestedmango
Feb 26 2006, 03:20 AM
:mozilla.278:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Shev\Application Data\Mozilla\Firefox\Profiles\tt0d1a9n.Shev\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Shev\Cookies\shev@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Shev\Cookies\shev@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Shev\Cookies\shev@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Shev\Cookies\shev@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temp\Cookies\shev@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temp\Cookies\shev@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temp\Cookies\shev@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temp\temp.fr481F -> Adware.CommAd : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temp\temp.fr71DD -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temp\temp.frE0B3 -> Adware.CommAd : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2FEBO9\gimmygames11[1].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2FEBO9\winsysupd9[1].exe -> Downloader.VB.wy : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temporary Internet Files\Content.IE5\CGZOS2OD\winsysupd7[1].exe -> Downloader.VB.wg : Cleaned with backup
C:\Documents and Settings\Shev\Local Settings\Temporary Internet Files\Content.IE5\QJHBVR7M\winsysban7[1].exe -> Hijacker.VB.le : Cleaned with backup
C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup
C:\Program Files\Intotive\Cache\000012db_43e796c0_0002ab9b -> Downloader.IstBar.j : Cleaned with backup
C:\Program Files\Intotive\Cache\00007e87_43e796cd_00005bb6 -> Downloader.IstBar.j : Cleaned with backup
C:\RECYCLER\S-1-5-21-2491134386-3150088695-2853910116-1007\Dc1438.exe -> Downloader.VB.ww : Cleaned with backup
C:\RECYCLER\S-1-5-21-2491134386-3150088695-2853910116-1007\Dc1439.tmp -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\gimmygames11.exe -> Downloader.Adload.u : Cleaned with backup
C:\WINDOWS\winsysban9.exe -> Hijacker.VB.ld : Cleaned with backup
C:\WINDOWS\winsysupd9.exe -> Downloader.VB.wy : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 8:40:37 AM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\cwh.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\windows\winsysban11.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Shev\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Qqgvn] C:\Program Files\Glaikj\Ebujeas.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd11.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban11.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames11.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...e/bridge-c9.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\mvrol9931.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hldiBBLg\command.exe
O23 - Service: cwh - Warranty Corporation of America - C:\WINDOWS\cwh.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
crestedmango
Feb 26 2006, 04:10 AM
Logfile of HijackThis v1.99.1
Scan saved at 9:34:14 AM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\cwh.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Documents and Settings\Shev\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\lv4809hue.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: cwh - Warranty Corporation of America - C:\WINDOWS\cwh.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Next?
crestedmango
Feb 26 2006, 04:49 PM
Or is that it? Pleasehelp because, this thing not only pops up, but switches open browsers to it's sites.
LoPhatPhuud
Feb 26 2006, 07:54 PM
Download 'Autoruns' from here:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and the double click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in this thread.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.