1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: trojan-downloader-conhook logs

Discussion in 'Virus & Other Malware Removal' started by coffeelady, Jul 17, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. coffeelady

    coffeelady Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    9
    I've been reading about this trojan and followed the advice downloading and installing ewido. Here are my ewido logs and the hijack this log. Can you tell me if I need to remove anythign through hijack this? Also, I have the trojan in quarentine right now - I am afraid to remove it because it might come back - - is that right or can I delete it from quarantene. Thank you.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:09:35 PM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Documents and Settings\Patricia\Local Settings\Temp\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {dd5e4670-9614-4146-9ef7-c7af65bf4203} - C:\WINDOWS\system32\dax017.dll (file missing)
    O2 - BHO: (no name) - {decaa194-9207-4957-a07e-81739ca6f6bb} - C:\WINDOWS\system32\dax017.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
    O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119651743953
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
    O20 - Winlogon Notify: dax017 - dax017.dll (file missing)
    O20 - Winlogon Notify: logman - logman.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZipm12.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  2. coffeelady

    coffeelady Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    9
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
    C:\Documents and Settings\Laura\Local Settings\Temporary Internet Files\Content.IE5\01YRCLY7\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Laura\Local Settings\Temporary Internet Files\Content.IE5\8PYV8H67\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    :mozilla.483:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.484:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.100:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.101:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.102:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.103:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.221:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.334:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.45:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.46:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.47:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.48:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.49:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.50:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.51:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.52:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.53:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.54:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.55:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.56:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.65:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.66:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.67:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.68:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.69:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.70:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.71:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.72:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.731:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.73:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.74:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.75:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.76:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.77:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.78:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.79:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.80:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.816:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.81:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.82:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.83:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.84:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.850:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.85:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.860:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.86:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.87:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.88:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.89:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.90:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.91:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.92:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.93:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.94:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.95:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.96:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.97:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.98:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.99:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.51:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
    :mozilla.52:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][2].txt -> TrackingCookie.Adtrak : Cleaned.
    :mozilla.15:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.16:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.17:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.28:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.29:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.30:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.31:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.32:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.127:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.14:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.59:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.60:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.440:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.85:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.89:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
    :mozilla.358:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.19:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.35:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.510:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.27:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.511:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.282:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.507:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.517:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.534:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.624:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.669:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.756:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.798:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.827:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.830:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.842:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.409:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.410:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.411:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.446:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.519:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.528:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.636:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.637:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.699:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.700:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.702:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.712:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.852:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.854:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Laura\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.558:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.559:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.560:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.561:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.744:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.745:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.746:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.747:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.360:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.361:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.364:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.473:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.474:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.625:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.626:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.627:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.680:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.681:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.837:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.838:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.856:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.857:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.125:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.80:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.81:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.466:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    :mozilla.452:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.453:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.243:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.244:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.249:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.8:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.201:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.202:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.203:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.204:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.205:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.206:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.207:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.69:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.107:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.108:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.109:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.110:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.111:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.112:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.113:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.114:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.562:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.563:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.564:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.565:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.370:C:\Documents and Settings\Patricia\Application Cleaned.
    :mozilla.44:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.50:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
     
  3. coffeelady

    coffeelady Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    9
    Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.375:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.79:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.149:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.150:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.151:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.152:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.153:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.169:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.170:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.186:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.192:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.49:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
    :mozilla.42:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.43:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.633:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.161:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.70:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.55:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.138:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.5:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.688:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.373:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.374:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.61:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.62:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.63:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.64:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.65:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.42:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.43:C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt -> TrackingCookie.Zedo :
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  5. coffeelady

    coffeelady Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    9
    Incident Status Location

    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt[.valueclick.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\8mkll949.default\cookies.txt[.com.com/]
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Laura\Cookies\[email protected][3].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Laura\Cookies\[email protected][5].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Laura\Cookies\[email protected][6].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Laura\Cookies\[email protected][2].txt
    Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Laura\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.did-it.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.ct.360i.com/]
    Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[www48.seeq.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[hc2.humanclick.com/]
    Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\0non1wid.default\cookies.txt[hc2.humanclick.com/hc/42593618]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hijack This is running from the Temp folder.
    It needs to be in a permanent folder on the hard drive.
    It will not function properly from there and it cannot create and restore backups from there.

    Redownload it here: http://thespykiller.co.uk/files/hijackthis_sfx.exe

    Let it extract to C:\Program Files
    Rerun it from there and post a new log.
     
  7. coffeelady

    coffeelady Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    9
    Logfile of HijackThis v1.99.1
    Scan saved at 12:26:03 PM, on 7/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {dd5e4670-9614-4146-9ef7-c7af65bf4203} - C:\WINDOWS\system32\dax017.dll (file missing)
    O2 - BHO: (no name) - {decaa194-9207-4957-a07e-81739ca6f6bb} - C:\WINDOWS\system32\dax017.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
    O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119651743953
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
    O20 - Winlogon Notify: dax017 - dax017.dll (file missing)
    O20 - Winlogon Notify: logman - logman.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZipm12.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O2 - BHO: (no name) - {dd5e4670-9614-4146-9ef7-c7af65bf4203} - C:\WINDOWS\system32\dax017.dll (file missing)

    O2 - BHO: (no name) - {decaa194-9207-4957-a07e-81739ca6f6bb} - C:\WINDOWS\system32\dax017.dll (file missing)

    O20 - Winlogon Notify: dax017 - dax017.dll (file missing)

    O20 - Winlogon Notify: logman - logman.dll (file missing)


    Reboot, post a new log.
     
  9. coffeelady

    coffeelady Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    9
    Cheeseball81, I did what you said (fixed checked), rebooted and re-ran Hijack This. Here it is.
    Logfile of HijackThis v1.99.1
    Scan saved at 12:34:11 PM, on 7/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
    O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119651743953
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZipm12.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    One last question. When I used Ewido, it quarenteed the trojan horse. I have left it in quaratene because I am afraid if I delete it, that it will come back. Should I delete or leave it in quarantene? Thanks.
     
  10. coffeelady

    coffeelady Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    9
    Cheeseball81, I did what you said (fixed checked), rebooted and re-ran Hijack This. Here it is.
    Logfile of HijackThis v1.99.1
    Scan saved at 12:34:11 PM, on 7/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
    O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccom...ad/tgctlcm.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119651743953
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZipm12.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    One last question. When I used Ewido, it quarenteed the trojan horse. I have left it in quaratene because I am afraid if I delete it, that it will come back. Should I delete or leave it in quarantene? Thanks.
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Log looks good. What trojan did Ewido find and where?
     
  12. coffeelady

    coffeelady Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    9
    it was trojan downloader conhook. Ewido was the program that found it plus kept it from getting back into my computer. BTW can I delete it out of the ewido quarantene?
     
  13. coffeelady

    coffeelady Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    9
    PS thank you for your help and I am happy to make a donation for a very worthwhile service!
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Yes you can and you're welcome :)

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    You can mark your thread "Solved" from the Thread Tools drop down menu.
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/484125

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice