Logfile of HijackThis v1.99.1 Scan saved at 23:35:20, on 01/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\atwtusb.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\lycos\Lyc_SysTray.exe C:\PROGRA~1\MSNMES~1\msnmsgr.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\QUICKENW\QWDLLS.EXE C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wisptis.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\system32\atmclk.exe C:\Documents and Settings\L\Desktop\HijackThis_v1.99.1.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp104.tmp O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Rcjezflu] C:\Program Files\Nudp\Hphb.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c5.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.lycos.co.uk/app/uploader/FileUploader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe Really hacked off with this now (no pun intended, just trying not to swear) All help gratefully received as AdAware doesn't sort it
Hi Ellem. Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip Unzip it (folder named SmitFraudFix) to your desktop: Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist) Post the contents of this textfile to here. (Some antiviruses recognises process.exe as a malware. It is not malware, it is a program that stops processes)
Hiya. This is the logfile: SmitFraudFix v2.65 Scan done at 10:44:44.28, 02/07/2006 Run from C:\Documents and Settings\L\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\hp???.tmp FOUND ! C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\migicons.exe FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\regperf.exe FOUND ! C:\WINDOWS\system32\simpole.tlb FOUND ! C:\WINDOWS\system32\stdole3.tlb FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\1024\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\L\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\L\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop C:\DOCUME~1\L\Desktop\access FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="131A6951-7F78-11D0-A979-00C04FD705A2" "SubscribedURL"="131A6951-7F78-11D0-A979-00C04FD705A2" "FriendlyName"="Internet Explorer Channel Bar" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems" [HKEY_CLASSES_ROOT\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32] @="C:\WINDOWS\system32\guxxa.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32] @="C:\WINDOWS\system32\guxxa.dll" »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Thanks again. Think I do have malware because I keep getting ad popups :-/
Hi again lets get you cleaned then You don't have a firewall on your computer. Download and install one firewall. These are good (free) firewalls: ZoneAlarm --> http://www.zonelabs.com Kerio--> http://www.sunbelt-software.com/Kerio.cfm Outpost-> http://www.agnitum.com If you used windows firewall, disable it after installing new firewall. Cleaning instructions: Move HijackThis into its own folder C:\HJT -> Open Ewido Anti-Spyware -> Click the Update icon at the top of the window -> Click the Start update button -> Wait for the update to download and install -> Quit the program, we'll use this later. Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1 Do NOT run yet. Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked O4 - HKLM\..\Run: [Rcjezflu] C:\Program Files\Nudp\Hphb.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c5.cab Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml Delete these folders (if found): C:\Program Files\Nudp Run ATF Cleaner -> Check select all -> Press Empty selected When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files. You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys. The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter". The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode. A textfile will appear after the cleaning process, copy this file and paste it to here. Tha log is saved to your local diskdrive, usually C:\rapport.txt. Warning : Running option 2 in a clean computer will delete your desktop wallpaper. -> Open Ewido Anti-Spyware -> Click the Scanner icon at the top of the window -> Click the Settings tab then select Recommended Options and choose Quarantine -> Click the Scan tab -> Select Complete System Scan. The scanning begins. -> When the scan has completed: -> If infections were found you'll be prompted about what to do. -> Please make sure that the Set all elements to is set to Quarantine (in downleft corner of the window) -> Then press Apply all actions and answer yes to all if it asks about something -> Click on the Save Scan Report button and save the scan to your Desktop. -> Copy and paste the scan results into your next post Post the following logs to here: -> a fresh HijackThis log -> Ewido's log -> contents of C:\Rapport.txt
Here are the scans: --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 15:24:18 02/07/2006 + Scan result: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{215DD3D5-0426-4CEE-B422-C27E0DAB2E7F}\RP260\A0053044.exe -> Downloader.Zlob.vy : Cleaned with backup (quarantined). C:\temp\ZCWEDowST3.exe -> Dropper.Agent.rs : Cleaned with backup (quarantined). :mozilla.248:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). :mozilla.249:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). :mozilla.100:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.101:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.102:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.103:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.505:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.506:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.538:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.610:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.682:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.88:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.89:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.90:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.91:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.92:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.93:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.945:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.94:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.95:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.96:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.97:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.98:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.99:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\L\Local Settings\Temp\Cookies\l@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). :mozilla.271:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined). :mozilla.272:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined). :mozilla.273:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined). :mozilla.274:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined). :mozilla.49:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined). :mozilla.52:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined). :mozilla.322:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.323:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.324:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.325:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.326:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). :mozilla.318:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined). :mozilla.71:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). :mozilla.473:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined). :mozilla.339:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined). :mozilla.550:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined). :mozilla.175:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). :mozilla.176:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). :mozilla.177:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). C:\Documents and Settings\L\Local Settings\Temp\Cookies\l@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). :mozilla.17:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.18:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.19:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.20:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.21:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.22:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.23:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). :mozilla.33:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined). :mozilla.716:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined). :mozilla.35:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined). C:\Documents and Settings\L\Local Settings\Temp\Cookies\l@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined). :mozilla.540:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Counted : Cleaned with backup (quarantined). :mozilla.50:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). :mozilla.223:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.237:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.377:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.382:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.383:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.384:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.385:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.386:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.387:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.388:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.391:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.392:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.398:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.399:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.400:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.420:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.484:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.494:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.495:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.496:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.497:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.499:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.500:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.556:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.592:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.593:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.594:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.596:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.597:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.598:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.599:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.600:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.601:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.602:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.604:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.605:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.615:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.616:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.617:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.618:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.619:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.620:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.621:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.635:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.636:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.641:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.691:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.692:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.880:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.934:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.946:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.949:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.955:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.956:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.974:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.980:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\L\Local Settings\Temp\Cookies\l@e-2dj6wfl4oldzmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). C:\Documents and Settings\L\Local Settings\Temp\Cookies\l@e-2dj6wjl4epczoeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined). :mozilla.159:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined). :mozilla.161:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined). :mozilla.163:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined). :mozilla.171:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined). :mozilla.172:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined). :mozilla.180:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.181:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.182:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.183:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.196:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.197:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.198:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.199:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined). :mozilla.24:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined). :mozilla.25:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined). :mozilla.26:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined). :mozilla.27:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined). :mozilla.227:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined). :mozilla.402:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined). :mozilla.410:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined). :mozilla.241:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.242:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.243:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.488:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.607:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.625:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.626:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.815:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.824:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.864:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.923:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.924:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined). :mozilla.446:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). :mozilla.447:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). :mozilla.448:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). :mozilla.449:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined). :mozilla.901:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined). :mozilla.876:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined). :mozilla.877:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined). :mozilla.878:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined). :mozilla.304:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined). :mozilla.305:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined). :mozilla.306:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined). :mozilla.853:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined). :mozilla.854:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined). :mozilla.15:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined). :mozilla.16:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined). :mozilla.746:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined). :mozilla.748:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined). :mozilla.749:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined). C:\Documents and Settings\L\Local Settings\Temp\Cookies\l@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined). :mozilla.569:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined). :mozilla.570:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined). :mozilla.571:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined). :mozilla.396:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined). :mozilla.397:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined). :mozilla.345:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined). :mozilla.346:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined). :mozilla.347:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined). C:\Documents and Settings\L\Local Settings\Temp\Cookies\l@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined). :mozilla.734:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined). :mozilla.341:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.342:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.343:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.344:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.348:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined). :mozilla.267:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.340:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.539:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.555:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.821:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.920:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.921:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.965:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined). :mozilla.905:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). :mozilla.906:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). :mozilla.907:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). :mozilla.900:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined). :mozilla.132:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.135:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.136:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.137:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.138:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.139:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.140:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.141:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.142:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.143:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.144:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.145:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.146:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.147:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.148:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.149:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.150:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.151:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined). :mozilla.200:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined). :mozilla.201:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined). :mozilla.202:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined). :mozilla.303:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined). C:\Documents and Settings\L\Local Settings\Temp\Cookies\l@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined). :mozilla.475:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.476:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.477:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined). :mozilla.856:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined). :mozilla.857:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined). :mozilla.75:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined). :mozilla.763:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined). :mozilla.764:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined). :mozilla.765:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined). :mozilla.766:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined). :mozilla.767:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined). :mozilla.768:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined). :mozilla.478:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). :mozilla.479:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). :mozilla.639:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). :mozilla.640:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined). :mozilla.48:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined). :mozilla.675:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined). :mozilla.676:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined). :mozilla.269:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined). :mozilla.358:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.359:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.360:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.361:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.362:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.363:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.364:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.365:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.366:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.367:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.368:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.369:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.370:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.371:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.372:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). C:\Documents and Settings\L\Local Settings\Temp\Cookies\l@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). :mozilla.662:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined). :mozilla.663:C:\Documents and Settings\L\Application Data\Mozilla\Firefox\Profiles\09m8lmlv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{215DD3D5-0426-4CEE-B422-C27E0DAB2E7F}\RP260\A0053074.exe -> Trojan.Small.cy : Cleaned with backup (quarantined). ::Report end Logfile of HijackThis v1.99.1 Scan saved at 15:26:17, on 02/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\atwtusb.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\lycos\Lyc_SysTray.exe C:\PROGRA~1\MSNMES~1\msnmsgr.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\QUICKENW\QWDLLS.EXE C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\HJT\HijackThis_v1.99.1.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.lycos.co.uk/app/uploader/FileUploader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe SmitFraudFix v2.65 Scan done at 13:11:53.08, 02/07/2006 Run from C:\Documents and Settings\L\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files Problem while deleting C:\DOCUME~1\L\Desktop\access »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Thanks a lot for all your help
Ok, almost clean... Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files. You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys. The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter". The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode. A textfile will appear after the cleaning process, copy this file and paste it to here. Tha log is saved to your local diskdrive, usually C:\rapport.txt. Warning : Running option 2 in a clean computer will delete your desktop wallpaper. Post a fresh HijackThis log and the contents of C:\Rapport.txt to here
Logfile of HijackThis v1.99.1 Scan saved at 17:15:36, on 03/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\atwtusb.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\lycos\Lyc_SysTray.exe C:\PROGRA~1\MSNMES~1\msnmsgr.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\QUICKENW\QWDLLS.EXE C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\HJT\HijackThis_v1.99.1.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.lycos.co.uk/app/uploader/FileUploader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe SmitFraudFix v2.65 Scan done at 17:09:49.63, 03/07/2006 Run from C:\Documents and Settings\L\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files Problem while deleting C:\DOCUME~1\L\Desktop\access »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Thanks for all your help with this. You're fab
Hi again. There is this one entry that won't go away... Lets try with the latest version of smitfraudfix... Remove the old version of SmitfraudFix and download the latest version (2.67) from here -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip Unzip it (folder named SmitFraudFix) to your desktop. Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files. You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys. The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter". The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode. A textfile will appear after the cleaning process, copy this file and paste it to here. Tha log is saved to your local diskdrive, usually C:\rapport.txt. Warning : Running option 2 in a clean computer will delete your desktop wallpaper.
Hiya, This is the Smitfraud Fix log now: SmitFraudFix v2.67 Scan done at 17:25:01.43, 04/07/2006 Run from C:\Documents and Settings\L\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End
Ok looks clean now Now we can clean Ewidos Quarantine: -> Run Ewido -> Click "Infections" -> Click "Select All" -> Click "Remove finally" -> Close Ewido Make your hidden files hidden again. You should update your Java (old version has all kinds of vulnerabilities) 1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup) 2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart. 3. If you can't make automatic update, get new version manually from here -> http://www.java.com/en/download/manual.jsp 4. After updating, uninstall the old Java (if found) from Add/Remove Programs, named as J2SE Runtime Environment 5.0 Update 6 Now that you're clean, here are some tips how to stay clean. -> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware. -> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning. -> Use CCleaner -> http://www.ccleaner.com Download and install CCleaner. Clean your registry and temporary files with it regularly. -> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48 Download and install Ad-Aware. Update it and scan your computer regularly with it. -> Use Ewido -> http://www.ewido.net/en Download and install Ewido. Update it and scan your computer regularly with it. -> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html SpywareBlaster will prevent spyware from being installed to your computer. -> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm This prevents your computer from connecting to harmful sites. -> Change your browser to Firefox -> http://www.mozilla.org Firefox is faster, safer and quicker browser than Internet Explorer. -> Keep your systen up-to-date -> http://windowsupdate.microsoft.com Visit Windows Update regularly. -> Keep your antivirus and firewall up-to-date Scan your computer regularly with your antivirus. -> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html So how did I get infected in the first place? Stay clean
