Member Avatar for Crissa86

So here goes, I have no idea what I am doing. I tried to read other responses to others with this same/similar problem but got lost on the way. I stupidly clicked on the link that asks something along the lines of, "Hey, is it okay if I put this pic of you up on MySpace or Facebook?" and then figured it was a virus. I did the HijackThis thing and if anyone could help, I'd be soooo grateful!!!! Here is my long:

Logfile of HijackThis v1.99.1
Scan saved at 11:05:08 PM, on 4/27/2006
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program

Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CA\eTrust EZ

Armor\eTrust

Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ

Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ

Armor\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\CA\eTrust EZ

Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\regsvr32.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ

Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Mozilla

Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\ROBERTA NAD

AARON\DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customiz

e/ycomp/defaults/sb/*http://www.yahoo.co

m/search/ie.html
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customiz

e/ycomp/defaults/sp/*http://www.yahoo.co

m
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customiz

e/ie/defaults/sb/ymsgr6/*http://www.yaho

o.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customiz

e/ie/defaults/su/ymsgr6/*http://www.yaho

o.com
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat

6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client]

"C:\Program Files\CA\eTrust EZ

Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [TkBellExe]

"C:\Program Files\Common

Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched]

C:\Program

Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [QOELOADER]

"C:\Program Files\CA\eTrust EZ

Armor\eTrust

Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [MW1HelperStartUp]

C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE

/partner MW1
O4 - HKLM\..\Run: [Lexmark X74-X75]

"C:\Program Files\Lexmark

X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe

"C:\Program

Files\AIM\\DeadAIM.ocm",ExportedCheckODL

s
O4 - HKLM\..\Run: [CAVRID] "C:\Program

Files\CA\eTrust EZ Armor\eTrust EZ

Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program

Files\CA\eTrust EZ Armor\eTrust EZ

Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [AlcxMonitor]

ALCXMNTR.EXE
O4 - HKCU\..\Run: [Yahoo! Pager]

"C:\Program

Files\Yahoo!\Messenger\ypager.exe"

-quiet
O4 - HKCU\..\Run: [AIM] C:\Program

Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft

Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCE

L.EXE/3000
O9 - Extra button: AIM -

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF:

{17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation

Tool) -

http://go.microsoft.com/fwlink/?linkid=3

9204
O23 - Service: CAISafe - Computer

Associates International, Inc. -

C:\Program Files\CA\eTrust EZ

Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Microsoft DLL

Registration Component (DLLReg) -

Unknown owner - C:\WINDOWS\regsvr32.exe
O23 - Service: LexBce Server (LexBceS) -

Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service

(VETMSGNT) - Computer Associates

International, Inc. - C:\Program

Files\CA\eTrust EZ Armor\eTrust EZ

Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet

Monitor (vsmon) - Zone Labs Inc. -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • 3 Contributors
  • 14 Replies
  • 410 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by 'Stein
Member Avatar for 'Stein

If ya could repost the log without all the line spaces inbetween each entry, it'd be great.

Thanks.

Member Avatar for Nooro

I'm sorry I can't for the life of me figure out how to post a new thread so if the original poster wouldn't mind i have the same problem with the Aim/Facebook myspace picture link that I clicked on. here is my hijack now profile, any help would be greatly appreciated, thank you, and sorry again:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:20 PM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\regsvr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1108683599\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\jccorj.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\accwiz.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tina Jadhav\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.american.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tina Jadhav\Application Data\Mozilla\Profiles\default\hlsplhdl.slt\prefs.js)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SDWin32 Class - {DB897FC3-BD8A-4571-85A8-42F12221DCB6} - C:\WINDOWS\System32\enyrs.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108683599\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [fjdywyt] c:\windows\system32\mitpoap.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jccorj] c:\windows\system32\jccorj.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://aumail3.american.edu/iNotes6.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02c8f0cee8c5bac69201/netzip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140436147225
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Microsoft DLL Registration Component (DLLReg) - Unknown owner - C:\WINDOWS\regsvr32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Member Avatar for 'Stein

Nooro.

Go here and look for a button above the list of posts that says 'Start a new Thread'

Thanks.

Member Avatar for Crissa86

That's weird, I don't know why it did that, but here goes again!! thanks again for the help!!!

Logfile of HijackThis v1.99.1
Scan saved at 11:05:08 PM, on 4/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\regsvr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\ROBERTA NAD AARON\DESKTOP\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Microsoft DLL Registration Component (DLLReg) - Unknown owner - C:\WINDOWS\regsvr32.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


hopefully this one works!!

Member Avatar for 'Stein

Alrite great.

Let's run this first:

1.Please download AIMFix from here.

2. Run the program

3. REBOOT your system

4. Post back a new HJT log

Thanks.

Member Avatar for Crissa86

New HJT Log


Logfile of HijackThis v1.99.1
Scan saved at 12:08:53 AM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Roberta nad Aaron\Desktop\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Member Avatar for 'Stein

Hmm, don't see it in the log anymore. In fact, the log's clean.

Begin by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Now, post the scan log back here, and we'll verify you're clean.

Thanks.

Member Avatar for Crissa86

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:24:59 PM, 4/30/2006
+ Report-Checksum: 57E354D2

+ Scan result:

HKU\S-1-5-21-1085031214-448539723-725345543-1004\Software\Yahoo\Pager\profiles\killntreez420\FriendTree -> Adware.LOP : Cleaned with backup
HKU\S-1-5-21-1085031214-448539723-725345543-1004\Software\Yahoo\Pager\profiles\killntreez420\FriendTree\CollapsedGroups -> Adware.LOP : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.413:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.417:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.506:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.514:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.566:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.567:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.632:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.637:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.638:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.764:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.766:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Bluemountain : Cleaned with backup
:mozilla.797:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.843:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.844:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.845:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.860:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.863:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.868:C:\Documents and Settings\Roberta nad Aaron\Application Data\Mozilla\Firefox\Profiles\ryx9p9s9.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Roberta nad Aaron\Application Data\Netscape\NSB\Profiles\3s415eye.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Roberta nad Aaron\Application Data\Netscape\NSB\Profiles\3s415eye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Roberta nad Aaron\Application Data\Netscape\NSB\Profiles\3s415eye.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Roberta nad Aaron\Application Data\Netscape\NSB\Profiles\3s415eye.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Roberta nad Aaron\Application Data\Netscape\NSB\Profiles\3s415eye.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Roberta nad Aaron\Application Data\Netscape\NSB\Profiles\3s415eye.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Roberta nad Aaron\Desktop\aimfix_quarantine\13120_regsvr32.exe.bak -> Backdoor.SdBot.aad : Error during cleaning
C:\Program Files\Common Files\aqqlclcr\aeopqnreoa\stpsnbsmc.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\aqqlclcr\rftpbaua\flpunamd.exe -> Adware.Gator : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup


::Report End

Member Avatar for 'Stein

Hmm ok, let's do this.

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Reboot into safe mode, and delete the following folder (it should be on the desktop):

C:\Documents and Settings\Roberta nad Aaron\Desktop\aimfix_quarantine

Now be SURE to empty the Recycle Bin.

Reboot into normal mode, and then download and run SpySweeper (link in my sig below).

Run a full scan, saving the log.

Post back here with the SpySweeper log and a new HJT log.

Thanks.

Member Avatar for Crissa86

I can't save my sweep log. Is the only was to save it if you buy the software?? A few things did come up but I have no idea what I'm doing. I super appreciate all of you help by the way.

P.S. The link in you signiture didn't work for me.

Member Avatar for 'Stein

Arg, alrite. After looking into it, SpySweeper has released a new version, one that doesnt allow for a trial mode anymore. Damn.

Did ya happen to do the other part tho?

Lastly, are ya still having problems?

Thanks.

Member Avatar for Crissa86

umm...for the most part everything is fine now...no one has responded with, ah sure but what was the pic or anything so....THANKS AGAIN!! and yes i did do the safe mode reboot and delete that stuff
~Crissa

Member Avatar for Crissa86

I almost forgot...when I did run the SpySweeper scan, a few things did come up...I just couldn't save them in a log. How do I delete them if they are not in my Add/Remove Programs List???

Member Avatar for 'Stein

Hmm, well most likely, they're tracking cookies, which, for the most part are harmless.

What is a good idea to do, however, is run CCleaner every week or so.

Directions for this:


Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

After this:

We need to re hide system files. To do so, please follow the steps below:

  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by "Hide file extensions for known file types."
  5. Under the "Hidden files" folder, select "Show hidden files and folders."
  6. Check "Hide protected operating system files."
  7. Click Apply, and then click OK.

O ya, and if ya could mark the thread as solved, it'd be great.

Thanks again.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.