View Full Version : need help possible smitfraud-c ...



pjmcl4
2006-11-20, 02:02
... but symptoms do not seem to match descriptions. A few months ago Internet Explorer stopped working. Netscape however was ok until recently. Presently, in either normal or safe mode with networking, an internet connection goes away after a few minutes of startup. ipconfig shows normal connection. Anything using winsock can't find a connection. Utilities providing settings and hard disk info show an hour glass upon startup but no window ever comes up. This includes windows explorer, control panel, and system information. Latest SPS&D found SmitFraud-c and "removed" it. Rerunning SPS&D no longer finds it but never finishes its last check on Zlob.Zcodec. Latest McAfee found Downloader.AWX and deleted it. McAfee now runs clean. AdAware runs for awhile but hangs. Your help would be much appreciated. HJT log in normal mode and SmitFraudFix Option 1 log follow.



Logfile of HijackThis v1.99.1
Scan saved at 6:54:13 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\cmd.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6153d806-9b68-4079-8d1c-b87405551e07} - C:\WINDOWS\system32\FM2ask.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\Hp\Temp\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O20 - Winlogon Notify: FM2ask - C:\WINDOWS\SYSTEM32\FM2ask.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

SmitFraudFix v2.122

Scan done at 18:59:53.71, Sun 11/19/2006
Run from E:\
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tim McLoone


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tim McLoone\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TIMMCL~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Mr_JAk3
2006-11-22, 10:10
Hi pjmcl4 and welcome to Safer Networking Forums :)

You got some infections there....

Please move HijackThis.exe into a permanent folder, eg E:\HJT\HijackThis.exe

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

pjmcl4
2006-11-23, 00:18
Vundofix reports no infected files found. Log files as requested follow.


VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.2

Scan started at 4:14:31 PM 11/22/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.2

Scan started at 4:22:15 PM 11/22/2006

Listing files found while scanning....

No infected files were found.


Logfile of HijackThis v1.99.1
Scan saved at 4:25:57 PM, on 11/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Hp\HP Software Update\HPWUCli.exe
C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\WINDOWS\system32\cmd.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6153d806-9b68-4079-8d1c-b87405551e07} - C:\WINDOWS\system32\FM2ask.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\Hp\Temp\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O20 - Winlogon Notify: FM2ask - C:\WINDOWS\SYSTEM32\FM2ask.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Mr_JAk3
2006-11-23, 07:59
Hi again, we'll continue...

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

Go to virustotal.com (http://www.virustotal.com)
Click on the Browse button
Browse to the following file: C:\WINDOWS\SYSTEM32\FM2ask.dll
Click Open and then on Send
Wait for the scan to end.

Copy & Paste the scan results to here.

:bigthumb:
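
The posts above single out FM2ask.dll, which the HijackThis log lists both as a BHO (O2) and as a Winlogon Notify entry (O20). As an added example, not part of the original thread and not HijackThis's own code, this Python script parses the O2 and O20 lines of a log and reports any DLL registered under both. The function names and the two extra heuristics (unnamed BHO, file directly in the default `C:\WINDOWS\system32` folder) are assumptions made here; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6153d806-9b68-4079-8d1c-b87405551e07} - C:\WINDOWS\system32\FM2ask.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: FM2ask - C:\WINDOWS\SYSTEM32\FM2ask.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKLM\..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")

# Assumption: default Windows XP install location, as seen in the log.
SYSTEM32 = r"c:\windows\system32"


def normalize(path):
    """Make paths comparable: drop quotes and HijackThis's '(file missing)'
    suffix, then lower-case using Windows path rules on any host OS."""
    path = path.strip().strip('"')
    if path.endswith(" (file missing)"):
        path = path[: -len(" (file missing)")]
    return ntpath.normcase(path)


def parse_entries(log_text):
    """Return the O2 (BHO) and O20 (Winlogon Notify) entries of a log."""
    entries = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        section = line.group("section")
        if section == "O2":
            detail = BHO_RE.match(line.group("body"))
        elif section == "O20":
            detail = NOTIFY_RE.match(line.group("body"))
        else:
            continue  # other sections are out of scope for this check
        if detail:
            entries.append({
                "section": section,
                "name": detail.group("name"),
                "key": normalize(detail.group("path")),
            })
    return entries


def triage(log_text):
    """Report DLLs that are registered as both BHO and Winlogon Notify.
    A hit is a lead for manual review, not a verdict."""
    by_path = defaultdict(list)
    for entry in parse_entries(log_text):
        by_path[entry["key"]].append(entry)

    findings = []
    for key, group in sorted(by_path.items()):
        sections = sorted({e["section"] for e in group})
        if sections != ["O2", "O20"]:
            continue
        reasons = ["same DLL registered as BHO (O2) and Winlogon Notify (O20)"]
        if any(e["section"] == "O2" and e["name"] == "(no name)" for e in group):
            reasons.append("BHO has no display name")
        if ntpath.dirname(key) == SYSTEM32:
            reasons.append("DLL sits directly in system32")
        findings.append({"path": key, "sections": sections, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["path"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Path comparison is case-insensitive on purpose: the log spells the folder `system32` in the O2 line and `SYSTEM32` in the O20 line.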

pjmcl4
2006-11-23, 15:01
Due to the current condition of the PC in question, it is difficult to follow your instructions as written. The desktop has no My Computer icon. I can sometimes get windows explorer in operation shortly after booting but it disappears midstream quickly. I can only reliably view hard disk content through DOS commands using Command Prompt. I used the latter to copy FM20.DLL to a usb thumb drive which I then connected to a working PC and performed the scan. Results follow. On the infected PC, after booting, the internet connection stays up longer than windows explorer but will still fail after a few minutes. Same results in safe mode and safe mode with networking. Consequently, as a practical matter, this kind of diagnostic work has to be accomplished by moving items between the infected machine and a working machine.

The infected computer is my son's laptop. I will find out more from him about what early symptoms of the problem might have been.

STATUS: FINISHED
Complete scanning result of "FM20.DLL", received in VirusTotal at 11.23.2006, 14:40:02 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.44 11.23.2006 no virus found
Authentium 4.93.8 11.22.2006 no virus found
Avast 4.7.892.0 11.23.2006 no virus found
AVG 386 11.23.2006 no virus found
BitDefender 7.2 11.23.2006 no virus found
CAT-QuickHeal 8.00 11.22.2006 no virus found
ClamAV devel-20060426 11.23.2006 no virus found
DrWeb 4.33 11.23.2006 no virus found
eSafe 7.0.14.0 11.23.2006 no virus found
eTrust-InoculateIT 23.73.65 11.23.2006 no virus found
eTrust-Vet 30.3.3209 11.23.2006 no virus found
Ewido 4.0 11.23.2006 no virus found
Fortinet 2.82.0.0 11.23.2006 no virus found
F-Prot 3.16f 11.22.2006 no virus found
F-Prot4 4.2.1.29 11.22.2006 no virus found
Ikarus 0.2.65.0 11.23.2006 no virus found
Kaspersky 4.0.2.24 11.23.2006 no virus found
McAfee 4902 11.22.2006 no virus found
Microsoft 1.1804 11.23.2006 no virus found
NOD32v2 1879 11.23.2006 no virus found
Norman 5.80.02 11.23.2006 no virus found
Panda 9.0.0.4 11.22.2006 no virus found
Prevx1 V2 11.23.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.123 11.23.2006 no virus found
UNA 1.83 11.22.2006 no virus found
VBA32 3.11.1 11.22.2006 no virus found
VirusBuster 4.3.15:9 11.22.2006 no virus found


Aditional Information
File size: 1109264 bytes
MD5: 8d1a931caad2d76740ccd1b08b082923
SHA1: 90c6bba7775dd942a8085045ad0077d4924a4967

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Mr_JAk3
2006-11-24, 09:52
Hi again, we'll continue :)

You have two (2) antiviruses installed and running, McAfee and Norton. Running more than one antivirus at the same time may cause all kinds of problems and is NOT recommended.
You should leave only one (1) antivirus running. You should uninstall/disable either McAfee or Norton. When you have decided, you can uninstall your choice through Control Panel, Add/Remove Programs.

Please notice that your Norton includes a firewall and if you decide to remove Norton, you must install a new firewall too. In that case these are good and free firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm), ZoneAlarm (http://www.zonelabs.com/), Sygate (http://http://www.majorgeeks.com/download.php?det=3356), Outpost (http://www.majorgeeks.com/download.php?det=1056)

Before we'll continue I would like you to do something for me...
I need you to upload a few malware files for further inspection if possible

You can upload the file from the memorystick too if you want.

Please go here (http://www.uploadmalware.com/) to upload a suspicious file for analysis.
Enter your username from this forum
Copy and paste the link to this thread
Click "Browse" on the 1. field.
Browse to the following file and click the file with your mouse, press "Open"
C:\WINDOWS\system32\FM2ask.dll

In the comments, please mention that I asked you to upload this file
Click on Send File

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

==================

We'll run VundoFix again: Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once the scan is complete, Right Click inside the listbox (white box) and click add more files
Copy&Paste the 2 entries below into the top 2 boxes
C:\WINDOWS\system32\DMDCTL.dll
C:\WINDOWS\system32\LTCDMD.*
Click Add Files and Click Close Window
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {6153d806-9b68-4079-8d1c-b87405551e07} - C:\WINDOWS\system32\FM2ask.dll
O20 - Winlogon Notify: FM2ask - C:\WINDOWS\SYSTEM32\FM2ask.dll

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run ATF Cleaner.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
- contents of C:\VundoFix.txt

pjmcl4
2006-11-25, 03:15
In responding to your instructions in post 4 of this thread, I incorrectly submitted FM20.dll for analysis at virustotal rather than FM2ask.dll as you requested. The correct analysis follows. I will prepare to execute your instructions in post 6 but will wait for your confirmation that it is the correct way to proceed. In particular, given the results below, do you still want FM2ask.dll uploaded to the site you indicated in post 6?


STATUS: FINISHED
Complete scanning result of "FM2ask.dll", received in VirusTotal at 11.25.2006, 03:05:56 (CET).

Antivirus           Version         Update      Result
AntiVir             7.2.0.46        11.24.2006  no virus found
Authentium          4.93.8          11.24.2006  no virus found
Avast               4.7.892.0       11.23.2006  Win32:Conhook-T
AVG                 386             11.24.2006  Downloader.Generic2.XMB
BitDefender         7.2             11.25.2006  no virus found
CAT-QuickHeal       8.00            11.24.2006  no virus found
ClamAV              devel-20060426  11.25.2006  no virus found
DrWeb               4.33            11.24.2006  no virus found
eSafe               7.0.14.0        11.24.2006  no virus found
eTrust-InoculateIT  23.73.67        11.25.2006  no virus found
eTrust-Vet          30.3.3211       11.24.2006  Win32/Darksma!generic
Ewido               4.0             11.24.2006  Downloader.ConHook.aa
Fortinet            2.82.0.0        11.24.2006  no virus found
F-Prot              3.16f           11.24.2006  no virus found
F-Prot4             4.2.1.29        11.24.2006  no virus found
Ikarus              0.2.65.0        11.24.2006  no virus found
Kaspersky           4.0.2.24        11.25.2006  no virus found
McAfee              4904            11.24.2006  no virus found
Microsoft           1.1804          11.25.2006  no virus found
NOD32v2             1882            11.24.2006  a variant of Win32/TrojanDownloader.ConHook.AA
Norman              5.80.02         11.24.2006  no virus found
Panda               9.0.0.4         11.24.2006  Suspicious file
Prevx1              V2              11.25.2006  no virus found
Sophos              4.11.0          11.16.2006  no virus found
TheHacker           6.0.3.123       11.23.2006  no virus found
UNA                 1.83            11.24.2006  no virus found
VBA32               3.11.1          11.24.2006  no virus found
VirusBuster         4.3.15:9        11.24.2006  no virus found


Aditional Information
File size: 23040 bytes
MD5: a585cb77188876eae3b6255a87988eab
SHA1:
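
One way to read a multi-engine result like the one above, as an added example that is not part of the original post: the Python below parses the listing, counts detections, finds family names that more than one engine agrees on, and lists "no virus found" verdicts that came from old signatures. The rows are a subset copied from the post and the scan date is the post's "received" date; the 7-day staleness threshold, the generic-word list and all function names are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import date

# Rows copied from the VirusTotal listing in the post above (a subset of the 28).
SAMPLE = """\
Antivirus Version Update Result
AntiVir 7.2.0.46 11.24.2006 no virus found
Avast 4.7.892.0 11.23.2006 Win32:Conhook-T
AVG 386 11.24.2006 Downloader.Generic2.XMB
eTrust-Vet 30.3.3211 11.24.2006 Win32/Darksma!generic
Ewido 4.0 11.24.2006 Downloader.ConHook.aa
McAfee 4904 11.24.2006 no virus found
NOD32v2 1882 11.24.2006 a variant of Win32/TrojanDownloader.ConHook.AA
Panda 9.0.0.4 11.24.2006 Suspicious file
Sophos 4.11.0 11.16.2006 no virus found
VirusBuster 4.3.15:9 11.24.2006 no virus found
"""

# engine, version and date never contain spaces; the result may ("a variant of ...").
ROW = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<updated>\d{2}\.\d{2}\.\d{4})\s+(?P<result>.+)$"
)
CLEAN = "no virus found"
# Words naming a platform or category rather than a family (assumed list).
GENERIC = {"win32", "downloader", "trojandownloader", "generic",
           "variant", "suspicious", "file"}


def parse_rows(text):
    """Return one dict per engine row; lines without a date column are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or blank line
        month, day, year = (int(p) for p in m["updated"].split("."))
        rows.append({
            "engine": m["engine"],
            "version": m["version"],
            "updated": date(year, month, day),
            "result": m["result"].strip(),
        })
    return rows


def family_tokens(result):
    """Lower-cased name parts that could be a family name (heuristic)."""
    tokens = re.split(r"[^a-z0-9]+", result.lower())
    return {t for t in tokens if len(t) >= 4 and t not in GENERIC}


def triage(rows, scanned, stale_days=7):
    hits = [r for r in rows if r["result"].lower() != CLEAN]
    names = Counter()
    for r in hits:
        names.update(family_tokens(r["result"]))  # each engine counted once per name
    stale = [r["engine"] for r in rows
             if r["result"].lower() == CLEAN
             and (scanned - r["updated"]).days > stale_days]
    return {
        "total": len(rows),
        "detections": len(hits),
        "shared_names": {n: c for n, c in names.items() if c >= 2},
        "stale_clean": stale,
    }


if __name__ == "__main__":
    print(triage(parse_rows(SAMPLE), scanned=date(2006, 11, 25)))
```

A name shared by several independent engines is stronger evidence than the raw detection count, and a clean verdict from signatures more than a week old says little about a recent sample.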

Mr_JAk3
2006-11-25, 15:30
Hi again :)

I should have noticed the difference in filenames :oops:
Yes please upload the FM2ask.dll if possible, then just follow the instructions...

You did the right thing :bigthumb:

pjmcl4
2006-11-26, 20:38
I understand the McAfee/Norton being on the system at the same time. I added McAfee to see what it could detect. Because control panel is not currently functional, I cannot either at the moment in the usual fashion. Will fix when control panel returns. Thanks for the heads up.

FM2ask.dll has been uploaded as requested. The comment refers to you as "Mr Jak3" or "Mr. Jak3". Didn't notice the _ until afterwards.

Vundofix ran. Log follows:


VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.2

Scan started at 4:14:31 PM 11/22/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.2

Scan started at 4:22:15 PM 11/22/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.2

Scan started at 8:31:17 AM 11/25/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Performing Repairs to the registry.
Done!
~~~~~~~~~~~~~~

Ran Hijackthis as instructed.

Ran ATFcleaner but after eight hours figured it was hung. Tried multiple runs, one for each category. All cleaned except the following which hang: cookies, temp internet files, and history. Now in these cases I waited minutes rather than hours so if you want me to try again, let me know.

I ran AVG. It detected Downloader.Conhook.aa. It quit the scan suddenly which I think was my fault. I was moving the cursor to prevent it from going into screensaver mode and may have clicked on the stop button. I did the apply all actions. Had to reboot to complete. Log file follows:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:12:39 PM 11/25/2006

+ Scan result:



[204] C:\WINDOWS\system32\FM2ask.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).


::Report end
~~~~~~~~~~~~~

Because I believed I had caused AVG to halt, I ran it again with the following result:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:33:13 AM 11/26/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1\A0000027.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\hjt\backups\backup-20061125-085323-166.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\hjt\backups\backup-20061125-085441-810.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jkhhi.exe -> Dropper.Agent.arj : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Tim McLoone\Application ; most are not. Refresh had no effect.
~~~~~~~~~~~CONTINUED IN NEXT POST

pjmcl4
2006-11-26, 20:42
Data\Netscape\NSB\Profiles\bh4t9d7r.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.421:C:\Documents and Settings\Tim McLoone\Application Data\Netscape\NSB\Profiles\bh4t9d7r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.422:C:\Documents and Settings\Tim McLoone\Application Data\Netscape\NSB\Profiles\bh4t9d7r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.423:C:\Documents and Settings\Tim McLoone\Application Data\Netscape\NSB\Profiles\bh4t9d7r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.424:C:\Documents and Settings\Tim McLoone\Application Data\Netscape\NSB\Profiles\bh4t9d7r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.425:C:\Documents and Settings\Tim McLoone\Application Data\Netscape\NSB\Profiles\bh4t9d7r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.12:C:\Documents and Settings\Tim McLoone\Application Data\Netscape\NSB\Profiles\bh4t9d7r.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.13:C:\Documents and Settings\Tim McLoone\Application Data\Netscape\NSB\Profiles\bh4t9d7r.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

~~~~~~~~CONTINUED IN part 3

pjmcl4
2006-11-26, 20:44


::Report end
~~~~~~~~~~~~~~CONTINUED IN PART 4

pjmcl4
2006-11-26, 20:46
And finally after rebooting into normal mode, ran HJT with the following result:

Logfile of HijackThis v1.99.1
Scan saved at 12:26:03 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hjt\HijackThis.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6153d806-9b68-4079-8d1c-b87405551e07} - C:\WINDOWS\system32\FM2ask.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\Hp\Temp\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O20 - Winlogon Notify: FM2ask - FM2ask.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

There certainly seems to be progress. However, windows explorer, control panel, system information still do not open. Seems faster though. A symptom I forgot to mention is that many icons on the desktop are the generic symbol. Some are ok.

Mr_JAk3
2006-11-27, 09:54
Hi again :)

Is your account an administrator account?

Please try this:

Start -> Run -> Copy the following to the box and hit OK; appwiz.cpl
Add/Remove Programs menu should pop up.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {6153d806-9b68-4079-8d1c-b87405551e07} - C:\WINDOWS\system32\FM2ask.dll (file missing)
O20 - Winlogon Notify: FM2ask - FM2ask.dll (file missing)

Reboot.

Please go HERE (http://www.pandasoftware.com/products/activescan.htm) to run PandaActiveScan...

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a fresh HijackThis log.
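The two entries selected for fixing above both carry HijackThis's "(file missing)" marker, but so do other lines in the same log, including a service whose executable appears under "Running processes". The following Python is an added example, not part of the original post and not HijackThis code: it separates orphaned registry references from entries whose marker cannot be taken at face value. The function names and verdict labels are assumptions; the sample lines are copied from the log in this thread.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6153d806-9b68-4079-8d1c-b87405551e07} - C:\WINDOWS\system32\FM2ask.dll (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O20 - Winlogon Notify: FM2ask - FM2ask.dll (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
MARKER = "(file missing)"
# The target follows the first " - " that introduces a drive path or a URL.
# Taking the leftmost match keeps paths such as "Spybot - Search & Destroy" whole.
TARGET = re.compile(r" - ((?:[A-Za-z]:\\|https?://).*)$")


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block:
            if not line:
                break  # the process list ends at the first blank line
            procs.add(line.lower())
    return procs


def extract_target(body):
    """Pull the file or URL an entry points at out of the entry text."""
    m = TARGET.search(body)
    # Bare names (e.g. the O20 entry's 'FM2ask.dll') have no drive letter.
    return m.group(1) if m else body.rsplit(" - ", 1)[-1]


def image_path(target):
    """Drop quotes and any command-line arguments that follow a quote."""
    m = re.match(r'"?([^"]+)', target.strip())
    return m.group(1).strip() if m else target.strip()


def triage(log_text):
    """Classify every '(file missing)' entry in a HijackThis log.

    url-target : the entry points at a URL, so there is no file to find
    running    : the same log lists the file as a running process
    orphaned   : nothing contradicts the marker; a leftover registry
                 reference, like the two entries fixed in this thread
    """
    running = running_processes(log_text)
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or not m.group(2).rstrip().endswith(MARKER):
            continue
        body = m.group(2).rstrip()[: -len(MARKER)].rstrip()
        target = extract_target(body)
        if re.match(r"https?://", target, re.I):
            verdict = "url-target"
        elif image_path(target).lower() in running:
            verdict = "running"
        else:
            verdict = "orphaned"
        findings.append({"code": m.group(1), "target": target, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4} {f['verdict']:<11} {f['target']}")
```

Only the "orphaned" verdicts line up with the entries chosen for fixing here; the O9 and O23 lines are left alone because their marker is explained by the log itself.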

pjmcl4
2006-11-29, 04:02
After some struggle I was able to use appwiz.cpl and removed McAfee. I ran HJT as instructed and the two items were removed. I tried IE but it doesn't find any URL. Tried Netscape but it hung at the Panda site when I tried to do a scan. I believe you need ActiveX which I think Netscape doesn't support. Then Netscape stopped working even after reboot. I fired up SBS&D and it was able to access the internet ok and update its files. So I decided to let it scan. A complete scan of all bots went all the way hanging on the last one as before Zlob.Zcodec. No problems found. On usage tracking it loops on ZycnosSpace never finishing but I can stop the scan. No problems found to that point. Then the system became very slow. On reboot startup was incredibly slow as well as shutdown. Ran reasonably ok in safe mode. I decided to run msconfig and disconnect a number of startup items. Now it runs ok speed wise in normal mode but the same problem with non-working browsers, no windows explorer, control panel or system information. Decided to see what would happen with AVG. AVG was able to access the internet and update its files. A scan discovered three items previously removed but they were in system restore files so no big deal. I quarantined them anyway.

Add-Remove programs shows internet explorer as IE7 Beta 2. (When I try to use help within IE to find out version info, it hangs). I can fetch the installation file from the Microsoft site via another computer and move it over. Should I remove this item and attempt a new installation? Should I install IE6 instead?

A new HJT log follows.

Logfile of HijackThis v1.99.1
Scan saved at 9:52:46 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\Hp\Temp\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Mr_JAk3
2006-11-29, 13:31
Hi again :)

The Internet Explorer 7 is not in the beta state anymore. I suggest that you remove the beta and install the latest version of IE 7. You can also continue using IE6 if you want.

Ok let's try another scanner instead:

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt
Double-click the drweb-cureit.exe file and allow it to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log

Mr_JAk3
2006-11-29, 13:32
Hi again :)

The Internet Explorer is not in the beta state anymore. I suggest that you remove the beta and install the latest version of IE 7. You can also continue using IE6 if you want.

Ok let's try another scanner instead:

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt
Double-click the drweb-cureit.exe file and allow it to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log

pjmcl4
2006-12-02, 19:24
Well, this is indeed intriguing. I think you'll be able to declare victory if nothing shows up in the logs attached. I removed IE7 Beta 2 and suddenly the machine seems normal. Generic icons on the desktop returned to normal, windows explorer, system information, and control panel now work. SDS&D and AdAware run to conclusion without issues. During the removal it displays software installed after IE7 Beta 2 and it would appear to me that Windows XP SP2 was installed after IE7 Beta 2 so I have to wonder if that caused some problems. Nonetheless, there obviously were malware problems as well. I have run a Panda scan with the following result:

Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tim McLoone\Cookies\tim mcloone@doubleclick[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tim McLoone\Cookies\tim mcloone@questionmarket[1].txt
Possible Virus. Not disinfected C:\Documents and Settings\Tim McLoone\Desktop\Dell Stuff\ZBT\1st Semester, Year 2\uninstall.exe
Possible Virus. Not disinfected C:\Documents and Settings\Tim McLoone\Desktop\nsb-install-8-1-2.exe[msgMapi.dll]
Possible Virus. Not disinfected C:\Documents and Settings\Tim McLoone\Local Settings\Temp\tmp-113.xpi[nsb-install-8-1-2.exe][msgMapi.dll]
Possible Virus. Not disinfected C:\Documents and Settings\Tim McLoone\Local Settings\Temp\xpinstall.exe[msgMapi.dll]

And Dr Web Cureit with the following result
tgcmd.exe;c:\program files\support.com\bin;Probably DLOADER.Trojan;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.1.3;Probably BACKDOOR.Trojan;Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Moved.;
sdcmon.dll;C:\Program Files\support.com\bin;Probably DLOADER.Trojan;Moved.;
tgcmd.exe;C:\Program Files\support.com\bin;Probably DLOADER.Trojan;;
tgupdate.exe;C:\Program Files\support.com\bin;Probably DLOADER.Trojan;Moved.;
Brandit.exe;C:\SWSetup\BrandIt\Disk1;Probably STPAGE.Trojan;Moved.;

And finally HJT:
Logfile of HijackThis v1.99.1
Scan saved at 1:18:35 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\Hp\Temp\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

The only remaining oddity that I notice is that there is no "My Computer" icon on the desktop.
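An added example, not part of the original post: it cross-references the Dr.Web CureIt report above with the O4/O23 autostart lines of the earlier HijackThis log in this thread, to show which detected files were also launched at boot. The report lines are copied from the thread; the semicolon field layout (name;folder;detection;action) is inferred from those lines, and the function names are hypothetical.

```python
import ntpath
import re

# Lines copied from the reports posted in this thread.
DRWEB_REPORT = r"""
tgcmd.exe;c:\program files\support.com\bin;Probably DLOADER.Trojan;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.1.3;Probably BACKDOOR.Trojan;Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Moved.;
sdcmon.dll;C:\Program Files\support.com\bin;Probably DLOADER.Trojan;Moved.;
tgcmd.exe;C:\Program Files\support.com\bin;Probably DLOADER.Trojan;;
tgupdate.exe;C:\Program Files\support.com\bin;Probably DLOADER.Trojan;Moved.;
Brandit.exe;C:\SWSetup\BrandIt\Disk1;Probably STPAGE.Trojan;Moved.;
"""

HJT_BEFORE = r"""
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Path up to the first executable extension that is followed by a quote,
# whitespace or end of line, so the ".com" in "support.com\bin" is skipped.
EXE_PATH = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat)(?=$|["\s])', re.I)


def norm(path):
    """Windows paths are case-insensitive: normalise before comparing."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def parse_drweb(text):
    """Return {normalised path: {"detection": str, "actions": set}}."""
    findings = {}
    for line in text.splitlines():
        parts = line.strip().split(";")
        if len(parts) < 4:
            continue  # blank or malformed row
        name, folder, detection, action = parts[:4]
        entry = findings.setdefault(norm(ntpath.join(folder, name)),
                                    {"detection": detection, "actions": set()})
        if action:  # a blank field means no action was recorded for that row
            entry["actions"].add(action)
    return findings


def parse_hjt_autoruns(text):
    """Return {normalised path: [O4/O23 lines that start it]}."""
    autoruns = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(("O4 - ", "O23 - ")):
            continue
        match = EXE_PATH.search(line)
        if match:
            autoruns.setdefault(norm(match.group(0)), []).append(line)
    return autoruns


def triage(drweb_text, hjt_text):
    """One row per detected file, with any autostart entry that launched it."""
    autoruns = parse_hjt_autoruns(hjt_text)
    return [{"path": path,
             "detection": info["detection"],
             "handled": bool(info["actions"]),  # at least one row has an action
             "autoruns": autoruns.get(path, [])}
            for path, info in sorted(parse_drweb(drweb_text).items())]


if __name__ == "__main__":
    for row in triage(DRWEB_REPORT, HJT_BEFORE):
        flag = "AUTOSTART" if row["autoruns"] else "on disk only"
        print(f'{row["detection"]:<26} {flag:<13} {row["path"]}')
```

Because the two tgcmd.exe rows differ only in letter case, normalising the path merges them into one finding instead of leaving a second row that looks unhandled.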

Mr_JAk3
2006-12-02, 20:19
Ok good to hear that things are running better :)

It seems that there was an infection which replaces legitimate files.
Let's see if it is gone or whether we have to do some restoring...

Please download the following program and save it to your desktop:

http://noahdfear.geekstogo.com/FindAWF.exe

Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.

pjmcl4
2006-12-02, 21:52
Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~



25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

Mr_JAk3
2006-12-03, 09:14
Ok looks good, you didn't have that ugly infection.

So the computer is running fine ?

Here is a solution for the My Computer icon (http://www.5starsupport.com/xp-faq/1-74.htm)

Then there is one optional removal that you might want to do (DrWeb removed parts already, let me know if you want to keep it and we restore it):

===========
This is part of Tioga Software’s remote support and management tools (Tioga.com, Support.com, and SupportSoft.com are one and the same company) and is installed by the setup CD of the @Home ISP (@Home and MediaOne are now part of Comcast, with the ComcastSupport software being the main culprit for introducing T G C M D on a PC). The Tioga/SupportSoft.com software is also included in the Sony Support software that comes with some Sony Vaio’s and HP Pavillion’s. The original intention of T G C M D is to have your @Home service or systems software automatically updated when you are online, to provide a remote support technician with setup information about your PC, and, in some cases, to allow the remote support technician to connect to your PC and see what you are doing – in short, technical support is indeed the original intention; unfortunately, its features are also very useful to advertisers. This is considered a valid program but spyware by some. It is not just Comcast that installs this but also BellSouth in my case.


its features are also very useful to advertisers and so, depending on who supplied it, T G C M D will also collect information from your PC, which web pages you have visited, what you have downloaded, and permission based information about your system, its software, its settings, etc...,

Removal:
Use Add/Remove Programs and remove the application. The application may have different names in Add/Remove depending upon the company


Recommendation :
If you are a Comcast customer, de-install "Comcast Support" through the Add/Remove icon in your Control Panel. Next, look up BJCFD in these Task List pages. If you have a Sony Vaio, de-install the "Vaio Support Agent" through the Add/Remove icon in your Control Panel. In all cases, if the de-installation of Comcast Support or Vaio Support Agent does not remove T G C M D after a reboot, then Immediately disable T G C M D using The Ultimate Troubleshooter ! (http://www.answersthatwork.com/TUT_pages/TUT_information.htm)

For more information, check AnswersThatWork Tasklist (http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm)
===========

Then if everything is running fine:

Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove the tools we used.

Then you should update your Java to the latest version (5.0 update 10)
Start
Control Panel
Add/Remove Programs
Delete the old Java, J2SE Runtime Environment 5.0 Update 2
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it

Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster, safer and better browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.

Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)

Mr_JAk3
2006-12-06, 15:50
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb: