cmdService - It won't leave me alone!

[JustinSane07]

I can't for the life of me get rid of this stupid thing.

Spybot Report:
Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-05-26 Includes\Cookies.sbi (*)
2006-05-26 Includes\Dialer.sbi (*)
2006-05-26 Includes\Hijackers.sbi (*)
2006-05-26 Includes\Keyloggers.sbi (*)
2006-05-26 Includes\Malware.sbi (*)
2006-05-26 Includes\PUPS.sbi (*)
2006-05-26 Includes\Revision.sbi (*)
2006-05-26 Includes\Security.sbi (*)
2006-05-26 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-05-26 Includes\Trojans.sbi (*)

HiJackThis Report:
Logfile of HijackThis v1.99.1
Scan saved at 1:08:54 AM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\WinZip\WZ.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B5E0E9A4-E591-4B81-BA7B-C08CB2CBB8B0} - C:\Program Files\ComPlus Applications\hosecus.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Launch G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\G-series Software\LGDCore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\ADIDDC.DLL (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

[Rawe]

Hello..

Lets get you up and running again.

==

Please download delcmdservice (by Marckie), and save it to your Desktop.

• Unzip the content to your Desktop (a folder named delcmdservice)
• Double-click on the delcmdservice folder
• Double-click on delreg.bat to launch the tool
• When the tool has finished, please reboot your computer.

==

Next:

Please download Look2Me-Destroyer to your desktop.

• Double-click Look2Me-Destroyer.exe to run it.
• Put a check next to Run this program as a task.
• You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
• When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
• Once it's done scanning, click the Remove L2M button.
• You will receive a Done Scanning message, click OK.
• When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
• Your computer will then shutdown.
• Turn your computer back on.
• Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

[JustinSane07]

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/28/2006 10:53:05 AM

Infected! C:\WINDOWS\system32\ADIDDC.DLL

Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6D8D199D-A0F8-4C18-8100-C1D5FC6D3483}"
HKCR\Clsid\{6D8D199D-A0F8-4C18-8100-C1D5FC6D3483}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

Logfile of HijackThis v1.99.1
Scan saved at 10:59:13 AM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\LcdStudio\ks0108Native.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Launch G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\G-series Software\LGDCore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

That IPWins.exe file looks suspicious to me.

[Rawe]

Lets continue

Go ahead and delete Look2Me-Destroyer aswell as delcmdservice.

==

It is. Through Add/Remove programs, uninstall the following entry if present:

IpWins

Don't get concerned if it is not listed. Now, delete the following folder:

C:\Program Files\ipwins

Empty recycle bin.

Run a scan with HijackThis and check the following object for removal if present:

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe

Close ALL other open windows except for HijackThis and hit FIX CHECKED. Close HijackThis.

==

Finally:

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

[JustinSane07]

Incident Status Location

Adware:Adware/NewAds Not disinfected C:\Program Files\Ventrilo\SwitchBindings.exe
Spyware:spyware/marketscore Not disinfected c:\windows\system32\rk.bin
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/dollarrevenue Not disinfected c:\windows\drsmartload45a.exe
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall7_22.exe
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/memorywatcher Not disinfected Windows Registry
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt[stat.onestat.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.overture.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.com.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.888.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.microsoftwga.112.2o7.net/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.www.myaffiliateprogram.com/]

[JustinSane07]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[c.goclick.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[server.iad.liveperson.net/hc/71875316]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt[server.iad.liveperson.net/hc/88270523]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-535573f9.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-535573f9.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-535573f9.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-53a5f306-535573f9.zip[Beyond.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@888[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adrevolver[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Cookies\mike@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mike\Cookies\mike@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mike\Cookies\mike@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Mike\Cookies\mike@banners.searchingbooth[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Cookies\mike@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Mike\Cookies\mike@bfast[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Mike\Cookies\mike@c.enhance[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Mike\Cookies\mike@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Cookies\mike@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Cookies\mike@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@fastclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Cookies\mike@go[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@hc2.humanclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mike\Cookies\mike@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Mike\Cookies\mike@i.screensavers[1].txt

[JustinSane07]

Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Mike\Cookies\mike@kmpads[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Mike\Cookies\mike@linksynergy[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mike\Cookies\mike@maxserving[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mike\Cookies\mike@mediaplex[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@microsoftwga.112.2o7[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Cookies\mike@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Cookies\mike@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mike\Cookies\mike@revenue[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Cookies\mike@server.iad.liveperson[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mike\Cookies\mike@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mike\Cookies\mike@statse.webtrendslive[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Cookies\mike@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mike\Cookies\mike@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Mike\Cookies\mike@www.myaffiliateprogram[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Cookies\mike@zedo[2].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\!update.exe
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\f2271484.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\i1F.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\i65.tmp
Virus:Trj/Downloader.AYV Disinfected C:\Documents and Settings\Mike\Local Settings\Temp\pre.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\sdexe.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\uninstaller.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\InetGet2\emg2.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\InetGet2\webhost2.exe
Adware:Adware/NewAds Not disinfected C:\Program Files\Windows\WinUpdate.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\rlls.dll
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\rlvknlg.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL03.exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[VSL.dl_]
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\ZICORN003.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\WINDOWS\visfx500.exe

[JustinSane07]

Okay, I just ran my copy of Norton Corporate 8.1.1 and it picked up on 5 viruses that I had permanantly deleted.

[Rawe]

Ok then, lets continue

==

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

==

2. Please download Brute Force Uninstaller to your desktop.

• Right-click the BFU folder on your desktop, and choose Extract All
• Click "Next"
• In the box to choose where to extract the files to,
• Click "Browse"
• Click on the + sign next to "My Computer"
• Click on "Local Disk (C: ) or whatever your primary drive is
• Click "Make New Folder"
• Type in BFU
• Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

==

4. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

==

5. Run ATF-Cleaner:

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

==

6. Run Ewido:

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Close Ewido anti-malware.

==

7. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

• Start the Brute Force Uninstaller by double-clicking BFU.exe
• Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
• Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
• Wait for the Complete script execution box to pop up and hit OK.
• Press Exit to terminate the BFU program.

Reboot into normal Windows and post the contents of Ewido log that you saved along with a fresh HiJackThis log.

[JustinSane07]

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:04:44 PM, 5/29/2006
+ Report-Checksum: E570AD5B

+ Scan result:

:mozilla.6:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ax7uqn4c.Default User\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\kd3603km.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup