View Full Version : Smitfraud-C.Toolbar888
I'm getting Smifraud-C.Toolbar888 detected everytime I run SpyBot. I've run VundoFix, HijackThis, and SmitfraudFix. Since there's too much text, I'm posting it in two separate posts.
VundoFix V6.3.20
Checking Java version...
Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.
Scan started at 10:00:46 PM 4/26/2007
Listing files found while scanning....
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\nmllm.bak1
C:\WINDOWS\system32\nmllm.bak2
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\nmllm.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\mllmn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nmllm.bak1
C:\WINDOWS\system32\nmllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\nmllm.bak2
C:\WINDOWS\system32\nmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\nmllm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\nmllm.tmp
C:\WINDOWS\system32\nmllm.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 10:43:34 PM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Monsoon Multimedia\Drivers\havasvc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\retadpu2000219.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\lisa\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.att.net/ie4/search/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;https=localhost:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\lisa\Application Data\Mozilla\Profiles\default\m7bx443e.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\lisa\Application Data\Mozilla\Profiles\default\m7bx443e.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {3247F143-B5B5-4B90-BCA6-C1C3F7C31505} - C:\WINDOWS\system32\algapejd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AB6D6620-B82B-4128-BA9B-31C15CFB3215} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\fcdnklju.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "D:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\mbikkjms.dll",realset
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099090720109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160826003812
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\Drivers\havasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
See next post for SmitfraudFix.
SmitFraudFix v2.171
Scan done at 22:46:05.03, Thu 04/26/2007
Run from C:\Documents and Settings\lisa\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Monsoon Multimedia\Drivers\havasvc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\retadpu2000219.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lisa
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lisa\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\lisa\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/1000 CT Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 43.134.195.10
Description: Intel(R) PRO/1000 CT Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{058CFDC8-8AE1-4C28-9F4B-A9D20414426F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF87B2C8-200D-4C61-8398-1737D6B0853F}: DhcpNameServer=43.134.195.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{058CFDC8-8AE1-4C28-9F4B-A9D20414426F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF87B2C8-200D-4C61-8398-1737D6B0853F}: DhcpNameServer=43.134.195.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{058CFDC8-8AE1-4C28-9F4B-A9D20414426F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DF87B2C8-200D-4C61-8398-1737D6B0853F}: DhcpNameServer=43.134.195.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
I'm running Norton Internet Security and Norton Antivirus. Firefox is my default browser.
What do I do next?
Thanks.
Hello and welcome to the Forums :)
You're infected.
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Below is the log file. FYI, it set off my Norton Internet security at the very end. Also, it appears to have changed my default browser from Firefox to IE. I won't change anything unless you tell me to.
Thanks.
"lisa" - 07-05-01 17:53:09 Service Pack 2
ComboFix 07-04-25.4V - Running from: "D:\lisa\My Documents\Downloads\Security\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
((((((((((((((((((((((((((((((( Files Created from 2007-04-01 to 2007-05-01 ))))))))))))))))))))))))))))))))))
2007-04-28 06:28 <DIR> d-------- C:\DOCUME~1\lisa\.housecall6.6
2007-04-27 21:18 <DIR> d-------- C:\DOCUME~1\lisa\APPLIC~1\Lavasoft
2007-04-27 21:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-26 22:46 4,478 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-26 22:00 <DIR> d-------- C:\VundoFix Backups
2007-04-26 19:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-26 19:22 642,761 --a------ C:\Temp\gorPUS.exe
2007-04-26 19:22 <DIR> d--h----- C:\Temp\17O7
2007-04-26 19:22 <DIR> d-------- C:\WINDOWS\system32\smpi1
2007-04-26 19:16 <DIR> d-------- C:\DOCUME~1\lisa\APPLIC~1\SpywareBot
2007-04-25 18:44 <DIR> d-------- C:\DOCUME~1\2kids\APPLIC~1\Talkback
2007-04-25 18:35 <DIR> d-------- C:\DOCUME~1\2kids\APPLIC~1\Thunderbird
2007-04-25 13:22 132,660 --a------ C:\WINDOWS\system32\mbikkjms.dll
2007-04-24 22:57 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-04-15 13:36 <DIR> d-------- C:\Program Files\iPod
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-01 17:50 -------- d-------- C:\Program Files\mozilla thunderbird
2007-04-15 13:26 -------- d-------- C:\Program Files\quicktime
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-12 19:35 -------- d-------- C:\Program Files\quicken
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 20:42 -------- d-------- C:\Program Files\itsdeductible2005
2007-03-06 20:41 -------- d-------- C:\Program Files\turbotax
2007-03-06 08:17 -------- d-------- C:\Program Files\symantec
2007-03-06 08:16 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2007-03-06 08:16 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-27 18:49 53248 --a------ C:\WINDOWS\palmdevc.dll
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{AB6D6620-B82B-4128-BA9B-31C15CFB3215} C:\WINDOWS\system32\mllmn.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"sHotKey"="\"C:\\Program Files\\SONY\\sHotKey\\sHotKey.exe\""
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"ZTgServerSwitch"="\"c:\\program files\\support.com\\client\\bin\\tgcmd.exe\" /server"
"AGRSMMSG"="AGRSMMSG.exe"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"VAIO Recovery"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"QuickFinder Scheduler"="\"D:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE\""
"EPSON Stylus Photo RX500"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2K1.EXE /P24 \"EPSON Stylus Photo RX500\" /O6 \"USB001\" /M \"Stylus Photo RX500\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"D:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\mbikkjms.dll\",realset"
"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"EPSON Stylus Photo RX500"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2K1.EXE /P24 \"EPSON Stylus Photo RX500\" /M \"Stylus Photo RX500\" /EF \"HKCU\""
"RealPlayer"="\"C:\\Program Files\\Real\\RealOne Player\\realplay.exe\" /RunUPGToolCommandReBoot"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=hex:01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"inimapping"="0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"item"="winampa"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - lisa.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 17:57:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo RX500 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU"??Mnv?/??????????????????wP??????????????????????????????????????w????????????<???8????????????V?w?????????????V?w???????????? N?w???????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-01 17:58:00
C:\ComboFix-quarantined-files.txt ... 07-05-01 17:58
Hi again, we'll continue :)
You seem to have this Spywarebot software installed.It has a suspicious reputation and Irecommend that you remove it via Control Panel, Add/Remove programs.
More info here (http://www.spywarewarrior.com/rogue_anti-spyware.htm)
This is the line to fix with HijackThis, O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
You should print these instructions or save these to a text file. Follow these instructions carefully.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Create a new folder for HijackThis and move HijackThis.exe into it.
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
==================
Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.
retadpu2000219.exe
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {3247F143-B5B5-4B90-BCA6-C1C3F7C31505} - C:\WINDOWS\system32\algapejd.dll
O2 - BHO: (no name) - {AB6D6620-B82B-4128-BA9B-31C15CFB3215} - C:\WINDOWS\system32\mllmn.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\fcdnklju.dll
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\mbikkjms.dll",realset
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Go to the My Computer and delete the following files (if present):
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\system32\algapejd.dll
C:\WINDOWS\system32\fcdnklju.dll
C:\WINDOWS\system32\mbikkjms.dll
Go to the My Computer and delete the following folders (if present):
C:\WINDOWS\system32\smpi1
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
================
When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
I had already removed SpywareBot. The folder didn't exist anymore. When I got to the step for HijackThis to remove stuff, I also check the box for the SpywareBot.exe -boot line.
Here's my log files (3 separate posts due to size):
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:14:51 PM 5/2/2007
+ Scan result:
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\2kids\Application Data\Mozilla\Profiles\default\nath4hww.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\2kids\Application Data\Mozilla\Profiles\default\nath4hww.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.69:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Admonitor : Cleaned.
:mozilla.69:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Admonitor : Cleaned.
:mozilla.69:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Admonitor : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Adtech : Cleaned.
:mozilla.65:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.65:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.65:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.66:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.66:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.66:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.120:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.120:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.120:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.52:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.52:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.52:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.124:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.124:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.124:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.109:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Flycast : Cleaned.
:mozilla.109:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Flycast : Cleaned.
:mozilla.109:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Flycast : Cleaned.
:mozilla.118:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Focalink : Cleaned.
:mozilla.118:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Focalink : Cleaned.
:mozilla.118:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Focalink : Cleaned.
:mozilla.25:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.25:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.25:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.26:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.26:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.26:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.27:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.27:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.27:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.28:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.28:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.28:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.82:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.82:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.82:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.82:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.83:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.83:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.83:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.83:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.83:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.83:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.83:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.83:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.36:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.37:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.45:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.75:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.75:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.75:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.75:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.76:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.77:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.79:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Liveperson : Cleaned.
:mozilla.143:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.143:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.143:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.144:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.144:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.144:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.49:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Pointroll : Cleaned.
:mozilla.63:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.63:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.63:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.64:D:\LaptopCopy\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.64:D:\lisa\Application Data\Mozilla\Profiles\default\je502n2f.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.64:D:\lisa\My Documents\Lisa\Mozilla\Users50\default\je502n2f.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.10:C:\Documents and Settings\2kids\Application Data\Mozilla\Profiles\default\nath4hww.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.11:C:\Documents and Settings\2kids\Application Data\Mozilla\Profiles\default\nath4hww.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.27:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.9:C:\Documents and Settings\2kids\Application Data\Mozilla\Profiles\default\nath4hww.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.84:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.85:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.87:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\RECYCLER\NPROTECT\00009243.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\RECYCLER\NPROTECT\00009245.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\RECYCLER\NPROTECT\00009472.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\RECYCLER\NPROTECT\00009475.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\RECYCLER\NPROTECT\00008258.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\RECYCLER\NPROTECT\00008360.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\RECYCLER\NPROTECT\00009476.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\RECYCLER\NPROTECT\00010005.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\RECYCLER\NPROTECT\00010006.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\RECYCLER\NPROTECT\00010012.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00008257.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00010013.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00010017.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00010023.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00010030.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00010031.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00010043.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00010044.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.75:C:\Documents and Settings\2kids\Application Data\Mozilla\Firefox\Profiles\5s1scql5.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 12:22:46 PM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Monsoon Multimedia\Drivers\havasvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
D:\Program Files\Security\HiJack2\HijackThis.exe
C:\WINDOWS\ehome\ehmsas.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;https=localhost:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\lisa\Application Data\Mozilla\Profiles\default\m7bx443e.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\lisa\Application Data\Mozilla\Profiles\default\m7bx443e.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "D:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099090720109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160826003812
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\Drivers\havasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
I think I got everything when I split up the AVG report.
Let me know what I need to do next.
Thank you for all your time and help.
Hello :)
It is looking pretty good now. How is the computer running?
Everything seems relatively normal. No more pop-up windows or weird things like that. I have noticed when I boo the computer, if I start using the computer before all the icons have finished loading in the System Tray, Norton Internet Security sometimes gives me an error message and it tells me that my Antivirus Protection is off. I have to reboot the machine to get it working again. Once the computer is on and working it seems to stay working.
Is this anything to really worry about? Should I just drop Norton and use AVG Anti-Spyware and Spybot and then turn on Window's firewall? Your advice would be much appreciated.
Thanks for all the help.
I did run Spybot again and it found the following:
Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1427027906-820751146-740830286-1004\Software\Microsoft\aldd
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
I had both of them fixed. Since then Smitfraud-C.Toolbar888 hasn't come up again. The Microsoft.WindowsSecurityCenter_disabled: comes up every time I scan after a reboot. If I fix it and don't reboot, the problem is not detected again. Should I be concerned about this one?
Thanks.
Hello :)
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
It means that something has been disabled from Security Center. YOu have this Norton Internet Security installed so it is propably the reason.
Don't drop Norton!! You must have a firewall and antivirus installed. Windows firewall is actually quite weak. If you have problems with Norton, a repair installation could help.
:bigthumb:
The computer has been running great for the past few days. I let Norton do a self-diagnostic and it seems to be running fine now.
Thanks for all your help. You've been a real lifesaver.
That's nice to hear, you're very welcome :D:
Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove the tools we used.
Then you should update your Java to the latest version (6u1) Start
Control Panel
Add/Remove Programs
Delete the old Java, Java 2 Runtime Environment, SE v1.4.2_01
Download the latest version of Java Runtime Environment (JRE) 6u1 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it
Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
=============
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is faster and more secure browser than Internet Explorer.
Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)
Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with you antivirus software.
Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)