Hidden Processes

Chesda
edited February 2008 in Malware talk

My CPU was running at around 90-100%, and every time I open Windows Task Manager it always disappears. And frequent files are scanning at around 10 traffic every 3 seconds. So I did a deep system scan and found out that HPZipm12.exe is infected or something.


I couldn't do any action after the scan other than unhide processor.


Please help me to get rid of this processor



Comments

  • Please download this tool: http://www.tehnica.org/BDAspySetup.exe , install it and create a BDAspy SysLog Info, then Zip it and upload it here pls.

  • How do I create a BDAspy SysLog Info, then Zip it?

  • Install that tool, run it and then go to "Sys Log Info" and click "Start Enum"


    Then upload here the log named "bd_sys_log.xml"

  • PLEASE I NEED HELP!!!

  • Sorry for the late answer, but I wasn't online for 24 hours.


    Those files are clean and I cannot find anything "evil" in that log.


    Please send us a RootkitRevealer log ( http://download.sysinternals.com/Files/RootkitRevealer.zip )


    and a Gmer log ( www.gmer.net - for the moment the site doesn't work for me )

  • Chesda
    edited February 2008

    OK, here's the RootkitReveal Log. GMER.net did not work for me either.


    And BitDefender keeps scanning C:\WINDOWS\System32\wbem\Logs\wbemmess.log, and makes my PC very laggy, so I just delete it and the problem stops, but when I reset my PC this file keeps coming back.

    Attachment: RootkitReveal.txt

  • Chesda,


    Could you make a Hijackthis log. You can download a Trend Micro Hijackthis installer from here:


    http://www.trendsecure.com/portal/en-US/to...ckthis/download



    Install it, run it and click Do a system scan and save a logfile.


    Please copy and paste the content of the logfile into your next reply.

  • Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 8:22:18 PM, on 2/16/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16608)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\Explorer.EXE


    C:\WINDOWS\ehome\ehtray.exe


    C:\WINDOWS\RTHDCPL.EXE


    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe


    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    C:\Program Files\MSN Messenger\MsnMsgr.Exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\WINDOWS\arservice.exe


    C:\WINDOWS\eHome\ehRecvr.exe


    C:\WINDOWS\eHome\ehSched.exe


    C:\Program Files\Common Files\LightScribe\LSSrvc.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    C:\WINDOWS\system32\dllhost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\eHome\ehmsas.exe


    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe


    C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe


    C:\HP\KBD\KBD.EXE


    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe


    c:\windows\system\hpsysdrv.exe


    C:\Program Files\iTunes\iTunesHelper.exe


    C:\Program Files\iPod\bin\iPodService.exe


    C:\Program Files\Windows Media Player\wmplayer.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com


    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll


    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll


    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe


    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode


    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32


    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC


    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC


    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName


    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE


    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE


    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run


    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE


    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"


    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe


    O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"


    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"


    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')


    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')


    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')


    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')


    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm


    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab


    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab


    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab


    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe


    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe


    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)


    O23 - Service: QQEJAXLOPRN - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\QQEJAXLOPRN.exe


    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    --


    End of file - 9735 bytes

  • farbar
    edited February 2008

    Chesda,


    Your start page is hijacked. And you have at least one infection (W32/Annew-Fam) and a couple of suspicious links. Besides, you have too many unnecessary applications running at startup. These applications could be run on demand and need not be running all the time. They make the boot-up time longer and use memory and CPU without doing anything most of the time.


    You have also run RootkitRevealer from the user temp folder, and that is the reason it didn't work. You should have downloaded the tool to your desktop. However, I don't think you need it, and I will remove the service you have installed later on.


    We will take care of all that. Please follow the instructions and give me feedback about how it went. Go through the steps and reboot if it is needed; otherwise avoid doing that right now.


    Step 1.


    Go to firewall internet traffic and remove suspicious allowed entries.


    Step 2.


    Run HijackThis, click "Do a system scan only", check the following items, close all windows including this one and click on "Fix checked".


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll


    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC


    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName


    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE


    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run


    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"


    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


    Step 3.


    Go to Control Panel, Add/Remove Programs, and uninstall the following (after we have finished with disinfection you may install these programs again):


    1. Uninstall any p2p (uTorrent, LimeWire, BitLord, etc.). Remove their folders from Program Files. You may keep the files you have downloaded in a folder.


    2. Uninstall Google Toolbar and remove the folder from Program Files.


    3. Uninstall MSN Messenger and remove the folder. This is malware: C:\Program Files\MSN Messenger\MsnMsgr.Exe


    If you couldn't uninstall it, use the Task Manager to end the process MsnMsgr.Exe. If you couldn't use the Task Manager, do this:


    Run HijackThis. Click on Open the Misc Tools Section.


    Click on "Open Process Manager"


    Find and Click on Insert file path here


    Copy and paste the path C:\Program Files\MSN Messenger\MsnMsgr.Exe


    Click on "Kill Process" button, then click Yes.


    Then go to program files and remove the MSN Messenger folder


    Step 4:


    Please download ATF Cleaner by Atribune.


    Double-click ATF-Cleaner.exe to run the program.


    Under Main choose: Select All


    Click the Empty Selected button.


    Step 5:


    You need to download and install Spybot search & destroy from MajorGeeks FL


    Update and run to scan and remove anything it finds. You don't need immunization or tea timer. Keep this for on demand scanning.


    Step 6:


    Download and install the free version of lavasoft adaware 2007 from here: http://www.lavasoft.com/products/ad_aware_free.php


    Update and run a complete scan. Let it remove what it finds.


    Step 7.


    Reboot, make a fresh HijackThis log and post it in your reply. Report if Spybot and Ad-Aware found anything (you may also copy and paste the scan logs).
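
The checks applied to the log in the reply above (entries whose file is gone, a service running from a Temp folder, a changed start page) can be run mechanically. This is an added example, not part of the original thread; the `triage` function and its rule names are illustrative assumptions, and the sample lines are copied from the HijackThis log posted here.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: QQEJAXLOPRN - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\QQEJAXLOPRN.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O23"
    reason: str   # illustrative rule name (assumption, not a HijackThis term)
    detail: str   # the entry body, or the host for start-page findings


# "<section> - <body>"; header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# A path component named Temp/Tmp anywhere in the entry.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
START_PAGE_RE = re.compile(r",Start Page = (?P<url>\S+)$")


def triage(log_text):
    """Return entries that deserve a manual look; nothing here decides guilt."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, body = match["section"], match["body"]

        # Registry entry or service that points at a file which is not on disk.
        if ORPHAN_RE.search(body):
            findings.append(Finding(section, "orphaned-entry", body))

        # Autostart or service binary living in a temporary folder.
        if section in ("O4", "O23") and TEMP_RE.search(body):
            findings.append(Finding(section, "runs-from-temp", body))

        # Browser start page: report the host so a person can confirm it.
        start_page = START_PAGE_RE.search(body)
        if section in ("R0", "R1") and start_page:
            url = start_page["url"]
            findings.append(
                Finding(section, "start-page-review", urlparse(url).hostname or url)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<18} {f.detail}")
```

A flagged entry is only a prompt for review: the Temp-folder service in this log is the RootkitRevealer service the reply refers to, not malware.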

  • farbar
    edited February 2008

    Chesda,


    Before step 4 (applying ATF Cleaner) do the following (if you have already done that, do it anyway; it removes the RootkitRevealer service installed from the wrong place).


    Please run Notepad and copy the following text into a new file:



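    @ECHO OFF

    REM Disable, stop and delete the service left behind by RootkitRevealer
    sc config QQEJAXLOPRN start= disabled
    sc stop QQEJAXLOPRN
    sc delete QQEJAXLOPRN

    REM Clear the system, read-only and hidden attributes on the leftover file
    REM (full path as reported in the HijackThis log above)
    attrib -s -r -h "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\QQEJAXLOPRN.exe"

    REM Remove this batch file from the Desktop
    del remove.bat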



    Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. It removes the service and disappears. Please note any errors encountered.

  • Chesda
    edited February 2008

    Farbar,


    OK, I've followed all the steps you asked me to do, and surely it helped - I've seen a lot of improvements. Both Spybot and Ad-Aware have detected around 200 infections BD could not detect - but Ad-Aware didn't disinfect my infections. Is there a way to delete all these cookies?


    Is it safe to reinstall Windows Messenger?


    Anyways thanks a lot.

  • Databaseinfo


    ===========================


    Version number: 52


    Build Number: 0


    Build Date and Time: 2008/02/14 01:45:45


    Scan Statistics


    ===========================


    Method: Full


    Scan tracking cookies.............................: On


    Scan ADS filestreams..............................: Off


    Item Scanned: 312322


    Infections Detected: 167


    Infections Ignored: 0


    Scan detailed statistics


    ===========================


    Type Critical Total


    Process Scan....: 0 0


    Registry Scan...: 0 0


    Registry PE Scan: 0 0


    Hosts File Scan.: 0 0


    File Scan.......: 0 0


    Folder Scan.....: 0 0


    LSP Scan........: 0 0


    ADS Scan........: 0 0


    Cookie Scan.....: 167 167


    File Hash Scan..: 0 0


    Infections Found


    ===========================


    Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3




    Item Id: 600000524 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt nextstat.com nextstat_711_1 /


    Item Id: 600000524 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt nextstat.com nextstat_tst_711 /


    Item Id: 600000101 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt overture.com CMUserData /


    Item Id: 600000095 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt perf.overture.com SYSTEM_USER_ID /


    Item Id: 600000304 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt prospect.adbureau.net GUID /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt realcommercial.co.nz EmailAddress /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt realestate.com.au GUID /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt realmedia.com 8020975_english_trk /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt realmedia.com RMFD /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt realmedia.com RMID /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt realtechnetwork.net u /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETSEGS_J06575 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net 01AI /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net rsi_cls_1000000 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net rsi_segs_1000000 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETID01 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETSEGS_F07607 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETSEGS_E05516 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETSEGS_J05530 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETSEGS_E06560 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETSEGS_G07610 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETSEGS_C07583 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETSEGS_J05532 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net NETSEGS_K05540 /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net 01AIS /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt revsci.net 01IS /


    Item Id: 600000304 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt rocku.adbureau.net AAMBLC /


    Item Id: 600000304 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt rocku.adbureau.net GUID /


    Item Id: 600000408 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt serving-sys.com A2 /


    Item Id: 600000408 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt serving-sys.com B2 /


    Item Id: 600000408 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt serving-sys.com C3 /


    Item Id: 600000408 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt serving-sys.com D3 /


    Item Id: 600000408 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt serving-sys.com E2 /


    Item Id: 600000408 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt serving-sys.com U /


    Item Id: 600000212 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt sonymediasoftware.112.2o7.net s_vi /


    Item Id: 600000073 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt specificclick.net dmc /


    Item Id: 600000073 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt specificclick.net dmk /


    Item Id: 600000073 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt specificclick.net dmp /


    Item Id: 600000073 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt specificclick.net smc /


    Item Id: 600000073 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt specificclick.net smk /


    Item Id: 600000073 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt specificclick.net smx /


    Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tacoda.net Anxd /


    Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tacoda.net ANRTT /


    Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tacoda.net TID /


    Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tacoda.net TData /


    Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tacoda.net Tcc /


    Item Id: 600000061 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tickle.com muihtiLeulB /


    Item Id: 600000396 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt trafic.ro trafic_ranking /


    Item Id: 600000050 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tribalfusion.com ANON_ID /


    Item Id: 600000050 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tribalfusion.com TfCtxtAdServer /


    Item Id: 600000050 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tribalfusion.com TfAdCountDate /


    Item Id: 600000050 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt tribalfusion.com TfAdCountMap /


    Item Id: 600000212 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt usatoday1.112.2o7.net s_vi /


    Item Id: 600000304 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt videoegg.adbureau.net GUID /


    Item Id: 600000513 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt 3.adbrite.com ihc_23253 /


    Item Id: 600000513 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt 3.adbrite.com ihc_52286 /


    Item Id: 600000460 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ad.yieldmanager.com liday1 /


    Item Id: 600000460 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ad.yieldmanager.com vuday1 /


    Item Id: 600000460 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ad.yieldmanager.com caday1 /


    Item Id: 600000460 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ad.yieldmanager.com uid /


    Item Id: 600000460 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ad.yieldmanager.com fl_inst /


    Item Id: 600000460 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ad.yieldmanager.com bh /


    Item Id: 600000460 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ad.yieldmanager.com ih /


    Item Id: 600000460 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ad.yieldmanager.com pv1 /


    Item Id: 600000513 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ads.adbrite.com ihc_188244 /


    Item Id: 600000513 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ads.adbrite.com ihc_184623 /


    Item Id: 600000513 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ads.adbrite.com ihc_469451 /


    Item Id: 600000513 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ads.adbrite.com ihc_506564 /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ads.realtechnetwork.net ajdotomin1 /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ads.realtechnetwork.net ajefc /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ads.realtechnetwork.net ajess1_7DEF46E395DA9674C3D44D42 /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ads.realtechnetwork.net ajcmp /


    Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt ads.revsci.net rsi_us_1000000 /adserver


    Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt adserver.adreactor.com ADRUID /


    Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt adserver.filefront.com phpAds_newCap[02406a0cb6783d9481c44e556570d96f] /


    Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt adserver.filefront.com phpAds_capAd[354] /


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt forums.3drealms.com ltlastactivity /vb/


    Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt forums.3drealms.com ltlastvisit /vb/


    Item Id: 600000413 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt rotator.adjuggler.com ajess1_DE98ECEC8BFF044B24712FF1 /


    Item Id: 600000413 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt rotator.adjuggler.com ajess1_DE98ECEC8BFF04B054713F03 /


    Item Id: 600000413 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt rotator.adjuggler.com ajcmp /


    Item Id: 600000409 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt server.iad.liveperson.net HumanClickACTIVE /


    Item Id: 600000409 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt server.iad.liveperson.net HumanClickID /


    Item Id: 600000409 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt server.iad.liveperson.net HumanClickID /hc/19452074


    Item Id: 600000409 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt server.iad.liveperson.net HumanClickID /hc/76939377


    Item Id: 600000190 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1062221763/


    Item Id: 600000190 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1062483481/


    Item Id: 600000190 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1065748612/


    Item Id: 600000190 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1069963850/


    Item Id: 600000190 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1071941806/


    Item Id: 600000386 Value: Browser: Firefox Cookie: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default\cookies.txt www.newworld.co.nz NewWorld /

  • farbar
    edited February 2008

    I expected more detailed feedback (especially on step 3) and a fresh HijackThis log, as I could spot more serious threats than the cookies and give you the clean sign and the next step. How is your computer behaving? How is your CPU usage? Do you notice anything unusual? Have you spotted any suspicious entries in your firewall? What are the exe or path to those, etc.?


    Anyway yes you can use ATF cleaner to remove those cookies:


    1. Using ATF cleaner

    • Run ATF Cleaner, click Firefox at the top and choose: Select All
    • Click the Empty Selected button.


    2. Manually:

    • Unhide the hidden files and folders
    • Go to this folder C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/6age7vbi.default
    • and remove the items inside it.

    And you can install MSN Messenger and Google Toolbar. But I would have preferred to see your HJT log first.


    So I am not finished with it; if you are, it is up to you.

  • Chesda
    edited February 2008

    Umm, sometimes my firewall keeps getting disabled and the "X" on the net zone doesn't show up.


    And now when I boot it has this "please wait........................" screen.


    Here are some suspected entries in my firewall rules:


    fwqs8.png


    New HJT Log


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 2:46:52 PM, on 2/17/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16608)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\Explorer.EXE


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\ehome\ehtray.exe


    C:\WINDOWS\RTHDCPL.EXE


    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe


    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\WINDOWS\arservice.exe


    C:\WINDOWS\eHome\ehRecvr.exe


    C:\WINDOWS\eHome\ehSched.exe


    C:\Program Files\Common Files\LightScribe\LSSrvc.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\eHome\ehmsas.exe


    C:\WINDOWS\system32\dllhost.exe


    C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe


    C:\Program Files\SwiftSwitch\SwiftSwitch.exe


    C:\Program Files\Mozilla Firefox\firefox.exe


    C:\WINDOWS\system32\wuauclt.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll


    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll


    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe


    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode


    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32


    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC


    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE


    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE


    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe


    O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"


    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')


    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')


    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')


    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')


    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm


    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab


    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab


    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab


    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe


    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe


    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe


    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)


    O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)


    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    --


    End of file - 7713 bytes
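
A small triage pass over the HijackThis log format posted above, as an added example that is not part of the original thread or of HijackThis itself. It flags O23 services whose file is missing and, going slightly beyond the thread, core Windows process names running from an unexpected folder; the function names, the `EXPECTED_DIR` table (which assumes `C:\WINDOWS` as the system root, as in the posted log) and the one constructed `Temp\svchost.exe` line are assumptions.

```python
import re
from ntpath import basename, dirname, normcase

# Sample input: lines copied from the HijackThis log posted above, plus ONE
# constructed line (the Temp\svchost.exe process) to exercise the path check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
--
End of file - 7713 bytes
"""

# Any numbered entry (R0-R3, F0-F3, N1-N4, O1-O24) ends the process list.
SECTION_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# O23 - Service: <display name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Assumed table: where these core Windows XP binaries normally live.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def parse_hjt(text):
    """Return (running process paths, O23 service records) from a HJT log."""
    processes, services = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        if line == "Running processes:":
            in_processes = True
            continue
        if SECTION_RE.match(line):
            in_processes = False
        if in_processes:
            if PATH_RE.match(line):
                processes.append(line)
            continue
        m = O23_RE.match(line)
        if m:
            services.append({
                "name": m.group("name"),
                "owner": m.group("owner"),
                "path": m.group("path"),
                "missing": m.group("missing") is not None,
            })
    return processes, services


def triage(text):
    """Return (finding, subject) pairs worth a closer look by a helper."""
    processes, services = parse_hjt(text)
    findings = []
    for path in processes:
        home = EXPECTED_DIR.get(basename(path).lower())
        # A core system name running from another folder deserves a check.
        if home and normcase(dirname(path)) != home:
            findings.append(("process-path", path))
    for svc in services:
        if svc["missing"]:
            # Service is still registered but its binary is gone: either a
            # leftover after cleanup or a program that needs reinstalling.
            findings.append(("orphaned-service", svc["name"]))
        elif svc["owner"].lower() == "unknown owner":
            # HijackThis could not read a company name from the file.
            findings.append(("no-vendor-info", svc["name"]))
    return findings


if __name__ == "__main__":
    for kind, subject in triage(SAMPLE_LOG):
        print(f"{kind:18} {subject}")
```

A finding is only a prompt to look closer: the orphaned `Pml Driver HPZ12` entry here is the HP printer service whose file was removed earlier in the thread.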

  • No edit option :mellow:


    Every time I shut down there's always "Turn off without installing updates" and "Turn off installing updates".

  • farbar
    edited February 2008

    Congratulations! Your log is clean.


    Don't worry about the firewall shutting off and the "please wait" when you reboot. I have got this the last days and I have checked the BD update log. They happened when BD updated. When you get those, just reboot in order to let the updates be installed. If you get this, just check the update log. It shows the exact time the update takes place.


    Step 1


    I took a look at your firewall rules (good move posting the image). The very dangerous Trojan had made your ports open (port forwarding) to all going and coming traffic. In fact you did not have a firewall at all.


    • Set your firewall setting to the highest. Every time an application on your system tries to make contact with the outside, you get a warning from the firewall asking you to allow or deny access. You have to see if that is a legit application (for example a program that is trying to download updates) or a Trojan.
    • In the same window you made the image of, click Reset Profile, select "My computer is connected to a home,…", and close the BD settings window again. Open Settings - Firewall - Traffic; when you check "hide system processes" it should show an empty window. From now on give permission to the programs you know, or when you are installing a known program.
    • Note that sometimes the firewall first blocks contact and then imports the rule. It means that after resetting the firewall you may not get a connection to the Internet the first time you allow an application (or you open the start page to make a connection). In that case, after allowing the permission, close IE or the application and then reopen or run it again. Once the rule is established the firewall doesn't ask you again. You can also set the rules manually.

    Step 2


    Reboot and run ATF cleaner.


    Check if your computer is running fine. Then empty your System Volume Information to get rid of recreation of the infection by Windows recovery. To do that: go to Start - Control Panel - System - System Restore and check "Turn off System Restore on all drives". Click Apply. By doing this you lose all your (often infected) restore points. Reboot and uncheck "Turn off System Restore on all drives" to create a clean restore point.



    If you have not updated your Adobe Acrobat 7 (there is a security patch) I recommend you do it. Or download the latest version.


    Your printer needs to be installed again since you have removed its service file (HPZipm12.exe).


    You may install those programs now.


    I recommend downloading and installing the free version of AVG antispyware, updating it and doing a complete/full system scan. About the cookies or infections these programs find: if you set the option, they remove the cookies for you.


    Keep an eye on your firewall from time to time.


    If you notice anything unusual or have questions let me know.


    Have a nice day.

  • Thanks, nice to know that my PC is clean now :P


    OK, I will install AVG antispyware.


    bdgc1.png

  • You are welcome, Chesda.