Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

What the Tech! We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions.

> Having Winfixer Problems -- HijackThis & uninstall list
ScottyG
post Jan 6 2006, 06:34 PM
Post #1


New Member
*

Group: Authentic Member
Posts: 16
Joined: 6-January 06
Member No.: 47,923
Operating System: XP



Please help me with getting rid of this annoying WinFixer popup. Here's my HJT log followed by the uninstall list:

Logfile of HijackThis v1.99.1
Scan saved at 6:23:21 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gt.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124330648750
O20 - Winlogon Notify: ddccb - C:\WINDOWS\SYSTEM32\ddccb.dll
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

UNINSTALL LIST:

3D Groove Playback Engine
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
America Online (Choose which version to remove)
Ant War
Anti Boss Key
AOL Instant Messenger
aspi
ATI Control Panel
ATI Decoder
ATI Display Driver
ATI HYDRAVISION
ATI Multimedia Center 9.01
ATI Remote Wonder 2.3
Blackhawk Striker from ATI (remove only)
Blasterball 2 from ATI (remove only)
BMSE dbl
BookWorm Deluxe 1.03
Bounce Symphony from ATI (remove only)
CA eTrust PestPatrol
CCHelp
CCScore
Chuzzle Deluxe 1.0
Chuzzle Deluxe from ATI (remove only)
Conexant SmartHSFi V.9x 56K DF PCI Modem
CoolSpeech 5.0 with Mary
DAO
Dell Support 5.0.0 (766)
Digital Line Detect
DivX
DivX Player
DVDSentry
Dynomite Deluxe 2.71
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
eTrust EZ Antivirus
eTrust EZ Armor
Guild Wars
HijackThis 1.99.1
HP Deskjet 6800
HP Photo & Imaging 4.1
HP Software Update
IE Help
IEC system
Insaniquarium Deluxe 1.0
Insaniquarium Deluxe from ATI (remove only)
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
InterActual Player
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Kodak EasyShare software
KSU
LimeWire 4.9.37
Listen Rhapsody
Macromedia Flash Player 8
Macromedia Shockwave Player
Mars Rover from ATI (remove only)
MechWarrior 4 Mercenaries
MechWarrior Vengeance
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office Basic Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Modem Helper
MSN Music Assistant
MUSICMATCH® Jukebox
NetWaiting
Notifier
Orbital from ATI (remove only)
OTtBP
Overball from ATI (remove only)
P.I.E. Patch
Polar Bowler from ATI (remove only)
PowerDVD
QuickTime
RealOne Player
Retrospect 6.5
Rhapsody
Runescape Xplorer 2
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB912919)
SFR
SFR2
Shockwave
Sonic DLA
Sonic RecordNow!
Sound Blaster Live!
Starware 3.3.2.0
STX from ATI (remove only)
SuperPower (remove only)
Support Software
Untitled Screen Saver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
USB MassStorage CardReader
Viewpoint Media Player
Virtual Warfare from ATI (remove only)
WD Media Center Driver
WildTangent GameChannel (remove only)
WildTangent Web Driver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows SA
Windows SR 2.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Word Symphony from ATI (remove only)
Yahoo! Companion

Siggyx
post Jan 6 2006, 11:06 PM
Post #2


Forum God

Group: Malware Expert
Posts: 12,970
Joined: 11-May 04
From: Cambridge, Ontario
Member No.: 6,554
Operating System: Some wires and a screen




Download VirtumundoBegone and save it to your desktop.

VirtumundoBegone >>>> http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Reboot your computer into Safe Mode

Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

Exit when it has finished

Reboot and post a new hijackthis log please.
ScottyG
post Jan 7 2006, 10:15 AM
Post #3





When I tried the VirtumundoBegone download, I got this:

"You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied"
Siggyx
post Jan 7 2006, 10:21 AM
Post #4






Ok, post a new hijackthis log please.
ScottyG
post Jan 7 2006, 10:49 AM
Post #5





I certainly appreciate the quick response. Here's a new log:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:39 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gt.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124330648750
O20 - Winlogon Notify: ddccb - C:\WINDOWS\SYSTEM32\ddccb.dll
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Siggyx
post Jan 7 2006, 04:26 PM
Post #6






STEP 1.
======
SpySweeper
Please download http://www.webroot.com/shoppingcart/tryme.php?bjpc=64011 .
(It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
STEP 2.
======
Download Ewido
  1. Download and install Ewido Security Suite. It is a free trial version of the program.
  2. Install ewido security suite.
  3. Launch ewido; there should be an icon on your desktop, double-click it.
  4. The program will now go to the main screen
STEP 3.
======
Update Ewido
You will need to update ewido to the latest definition files.
  1. On the left hand side of the main screen click update
  2. Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

STEP 4.
======
Ewido Scan
Once the updates are installed do the following:
  1. Click on scanner
  2. Click on Complete System Scan and the scan will begin.
  3. NOTE: During some scans with ewido it is finding cases of false positives.**
    o You will need to step through the process of cleaning files one-by-one.
    o If ewido detects a file you KNOW to be legitimate, select none as the action.
    o DO NOT select "Perform action on all infections"
    o If you are unsure of any entry found select none for now.
  4. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  5. Click Save report.
  6. Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


STEP 5.
======
CWShredder

Please download and run CWShredder
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

STEP 6.
======

Please do an online scan here http://housecall.trendmicro.com/ and allow it to clean/remove what it finds.


Please post the results from SpySweeper, ewido and a new hijackthis log.
ScottyG
post Jan 7 2006, 09:12 PM
Post #7





Hate to be a pain, but I get "You are not authorized to view this page" when I tried to download SpySweeper.

I went to the webroot site and I don't see a home/small business free trial, but I do see the medium business/enterprise free trial.

This post has been edited by ScottyG: Jan 7 2006, 09:12 PM
ScottyG
post Jan 7 2006, 10:40 PM
Post #8





Stand by.... my firewall settings were a little too tight. I'm downloading SpySweeper successfully now. I'll get back to your recommended procedure and post results soon.

Thanks,
Scott
ScottyG
post Jan 8 2006, 10:22 AM
Post #9





All right... here's some results:

The SpySweeper rebooted the box while in the entity removal step, so the log file was retrieved after a reboot.

The Ewido scan had to be retried about 4 times to make it through without a Windows error that would shut down Internet Explorer.

CWShredder was quick, but appeared to have no issues.

HouseCall scan would not kick off and go. It would go through a verifying and updating step, then go to idle status. I ran a system scan with my EZTrust AV software, and it was clean.

Here are the log files:

SPYSWEEPER:
********
10:45 PM: | Start of Session, Saturday, January 07, 2006 |
10:45 PM: Spy Sweeper started
10:45 PM: Sweep initiated using definitions version 597
10:45 PM: Found Trojan Horse: trojan-downloader-conhook
10:45 PM: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\inprocserver32\ (2 subtraces) (ID = 1065932)
10:45 PM: ddccb.dll (ID = 1065932)
10:45 PM: Starting Memory Sweep
10:45 PM: Found Adware: exact navisearch
10:45 PM: Detected running threat: C:\WINDOWS\System32\nvms.dll (ID = 70411)
10:45 PM: Detected running threat: C:\WINDOWS\System32\mscb.dll (ID = 70399)
10:46 PM: Found Adware: virtumonde
10:46 PM: Detected running threat: C:\WINDOWS\SYSTEM32\jkkli.dll (ID = 77)
10:46 PM: Detected running threat: C:\WINDOWS\SYSTEM32\pmnll.dll (ID = 77)
10:49 PM: Memory Sweep Complete, Elapsed Time: 00:03:49
10:49 PM: Starting Registry Sweep
10:49 PM: HKCR\clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\ (9 subtraces) (ID = 104006)
10:49 PM: Found Adware: blazefind
10:49 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/bridge.dll\ (2 subtraces) (ID = 104526)
10:49 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\bridge.dll (ID = 104541)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
10:49 PM: Found Adware: exact cashback/bargain buddy
10:49 PM: HKLM\software\cashback\ (1 subtraces) (ID = 105372)
10:49 PM: Found Adware: clearsearch
10:49 PM: HKCR\csbb.csbbcore.1\ (3 subtraces) (ID = 105593)
10:49 PM: HKCR\csbb.csbbcore\ (5 subtraces) (ID = 105594)
10:49 PM: HKLM\software\classes\csbb.csbbcore.1\ (3 subtraces) (ID = 105716)
10:49 PM: HKLM\software\classes\csbb.csbbcore\ (5 subtraces) (ID = 105717)
10:49 PM: HKLM\software\classes\interface\{15bf1d7c-9e2c-489c-aca0-ede133a06df5}\ (8 subtraces) (ID = 105721)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\contextsidebar\ (ID = 105842)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\mirrorunder\ (ID = 105843)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ronsidebar\ (ID = 105844)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\urlsidebar\ (ID = 105846)
10:49 PM: HKCR\typelib\{abbf650c-e69a-4c95-ba45-0f2c7c2a13a4}\ (9 subtraces) (ID = 105866)
10:49 PM: Found Adware: great net downloadware
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\medialoads enhanced\ (2 subtraces) (ID = 125363)
10:49 PM: Found Adware: internexus dialer
10:49 PM: HKLM\software\intexusdial\ (ID = 128946)
10:49 PM: HKCR\cb.urlcatcher.1\ (3 subtraces) (ID = 135553)
10:49 PM: HKCR\cb.urlcatcher\ (3 subtraces) (ID = 135554)
10:49 PM: HKCR\clsid\{ce188402-6ee7-4022-8868-ab25173a3e14}\ (9 subtraces) (ID = 135558)
10:49 PM: HKCR\nls.urlcatcher.1\ (3 subtraces) (ID = 135565)
10:49 PM: HKCR\nls.urlcatcher\ (3 subtraces) (ID = 135566)
10:49 PM: HKLM\software\classes\nls.urlcatcher.1\ (3 subtraces) (ID = 135575)
10:49 PM: HKLM\software\classes\nls.urlcatcher\ (3 subtraces) (ID = 135576)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\ (ID = 135578)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce188402-6ee7-4022-8868-ab25173a3e14}\ (ID = 135579)
10:49 PM: Found Adware: networkessentials
10:49 PM: HKCR\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136074)
10:49 PM: HKCR\mp.mediapops.1\ (3 subtraces) (ID = 136079)
10:49 PM: HKCR\mp.mediapops\ (5 subtraces) (ID = 136080)
10:49 PM: HKLM\software\classes\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136147)
10:49 PM: HKLM\software\classes\mp.mediapops\ (5 subtraces) (ID = 136152)
10:49 PM: HKLM\software\classes\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136154)
10:49 PM: HKCR\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136181)
10:49 PM: Found Adware: searchexe
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bmse dbl\ (2 subtraces) (ID = 140919)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ie help\ (2 subtraces) (ID = 140920)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\iec system\ (2 subtraces) (ID = 140921)
10:49 PM: Found Adware: starware toolbar
10:49 PM: HKCR\clsid\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (6 subtraces) (ID = 142841)
10:49 PM: HKCR\clsid\{7bed0340-176b-44bc-915e-c21c1dd6f617}\ (6 subtraces) (ID = 142842)
10:49 PM: HKCR\clsid\{d49e9d35-254c-4c6a-9d17-95018d228ff5}\ (4 subtraces) (ID = 142845)
10:49 PM: HKLM\software\classes\clsid\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (6 subtraces) (ID = 142849)
10:49 PM: HKLM\software\classes\clsid\{7bed0340-176b-44bc-915e-c21c1dd6f617}\ (6 subtraces) (ID = 142850)
10:49 PM: HKLM\software\classes\clsid\{d49e9d35-254c-4c6a-9d17-95018d228ff5}\ (4 subtraces) (ID = 142853)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\starware\ (3 subtraces) (ID = 142865)
10:49 PM: HKLM\software\cashback\ (1 subtraces) (ID = 397089)
10:49 PM: HKLM\software\classes\cb.urlcatcher\ (3 subtraces) (ID = 646640)
10:49 PM: HKLM\software\classes\cb.urlcatcher.1\ (3 subtraces) (ID = 646644)
10:49 PM: HKLM\software\classes\clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\ (9 subtraces) (ID = 646656)
10:49 PM: HKLM\software\classes\clsid\{ce188402-6ee7-4022-8868-ab25173a3e14}\ (9 subtraces) (ID = 646666)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce188402-6ee7-4022-8868-ab25173a3e14}\ (ID = 646714)
10:49 PM: Found Adware: exact bullseye
10:49 PM: HKCR\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\ (9 subtraces) (ID = 651023)
10:49 PM: HKCR\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516e2a3}\ (9 subtraces) (ID = 651043)
10:49 PM: HKLM\software\classes\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3}\ (9 subtraces) (ID = 651255)
10:49 PM: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
10:49 PM: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
10:49 PM: HKCR\atldistrib.atldistrib\ (9 subtraces) (ID = 1030533)
10:49 PM: HKCR\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030535)
10:49 PM: HKCR\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030537)
10:49 PM: HKCR\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030539)
10:49 PM: HKCR\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030541)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib\ (9 subtraces) (ID = 1030666)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030668)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030670)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030672)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030674)
10:49 PM: HKCR\clsid\{3fe36807-69ed-45d1-b9be-85c0e3f75b6a}\ (12 subtraces) (ID = 1037004)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{3fe36807-69ed-45d1-b9be-85c0e3f75b6a}\ (ID = 1037057)
10:49 PM: HKLM\software\classes\clsid\{3fe36807-69ed-45d1-b9be-85c0e3f75b6a}\ (12 subtraces) (ID = 1037059)
10:49 PM: Found Adware: ebates money maker
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
10:49 PM: Found Adware: webrebates
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\menuext\web savings\ (2 subtraces) (ID = 125591)
10:49 PM: Found Adware: ieplugin
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\dsktb\ (6 subtraces) (ID = 128171)
10:49 PM: Found Adware: upspiral toolbar
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\dsktb\ (6 subtraces) (ID = 128171)
10:49 PM: Found Adware: redzip toolbar
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\dsktb\ (6 subtraces) (ID = 128171)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\intexp\ (58 subtraces) (ID = 128173)
10:49 PM: Found Adware: ieplugin hijacker
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\main\ || search bar (ID = 128214)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\main\ || search page (ID = 128215)
10:49 PM: Found Adware: 180search assistant/zango
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\msbb\ (17 subtraces) (ID = 135781)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\support software\ (8 subtraces) (ID = 136177)
10:49 PM: Found Adware: search-exe hijacker
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\starware\ (12 subtraces) (ID = 142866)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
10:49 PM: Found Adware: sidesearch
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\menuext\web savings\ (2 subtraces) (ID = 125591)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\support software\ (11 subtraces) (ID = 136177)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\starware\ (12 subtraces) (ID = 142866)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\menuext\web savings\ (2 subtraces) (ID = 125591)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\support software\ (8 subtraces) (ID = 136177)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\starware\ (12 subtraces) (ID = 142866)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\support software\ (8 subtraces) (ID = 136177)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\starware\ (12 subtraces) (ID = 142866)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: Registry Sweep Complete, Elapsed Time:00:00:37
10:49 PM: Starting Cookie Sweep
10:49 PM: Found Spy Cookie: sandboxer cookie
10:49 PM: kristen@0[1].txt (ID = 3282)
10:49 PM: kristen@0[3].txt (ID = 3282)
10:49 PM: Found Spy Cookie: 412 cookie
10:49 PM: kristen@412[1].txt (ID = 1969)
10:49 PM: Found Spy Cookie: 69.93.205 cookie
10:49 PM: kristen@69.93.205[2].txt (ID = 2005)
10:49 PM: Found Spy Cookie: websponsors cookie
10:49 PM: kristen@a.websponsors[2].txt (ID = 3665)
10:49 PM: Found Spy Cookie: yieldmanager cookie
10:49 PM: kristen@ad.yieldmanager[2].txt (ID = 3751)
10:49 PM: Found Spy Cookie: adecn cookie
10:49 PM: kristen@adecn[1].txt (ID = 2063)
10:49 PM: Found Spy Cookie: adlegend cookie
10:49 PM: kristen@adlegend[1].txt (ID = 2074)
10:49 PM: Found Spy Cookie: hbmediapro cookie
10:49 PM: kristen@adopt.hbmediapro[2].txt (ID = 2768)
10:49 PM: Found Spy Cookie: precisead cookie
10:49 PM: kristen@adopt.precisead[1].txt (ID = 3182)
10:49 PM: Found Spy Cookie: specificclick.com cookie
10:49 PM: kristen@adopt.specificclick[1].txt (ID = 3400)
10:49 PM: Found Spy Cookie: adrevolver cookie
10:49 PM: kristen@adrevolver[1].txt (ID = 2088)
10:49 PM: kristen@adrevolver[3].txt (ID = 2088)
10:49 PM: Found Spy Cookie: addynamix cookie
10:49 PM: kristen@ads.addynamix[1].txt (ID = 2062)
10:49 PM: Found Spy Cookie: pointroll cookie
10:49 PM: kristen@ads.pointroll[1].txt (ID = 3148)
10:49 PM: Found Spy Cookie: bpath cookie
10:49 PM: kristen@ads18.bpath[1].txt (ID = 2321)
10:49 PM: Found Spy Cookie: adultfriendfinder cookie
10:49 PM: kristen@adultfriendfinder[2].txt (ID = 2165)
10:49 PM: Found Spy Cookie: affiliate cookie
10:49 PM: kristen@affiliate[1].txt (ID = 2199)
10:49 PM: Found Spy Cookie: apmebf cookie
10:49 PM: kristen@apmebf[2].txt (ID = 2229)
10:49 PM: Found Spy Cookie: atwola cookie
10:49 PM: kristen@ar.atwola[2].txt (ID = 2256)
10:49 PM: Found Spy Cookie: ask cookie
10:49 PM: kristen@ask[1].txt (ID = 2245)
10:49 PM: Found Spy Cookie: belnk cookie
10:49 PM: kristen@ath.belnk[2].txt (ID = 2293)
10:49 PM: kristen@atwola[2].txt (ID = 2255)
10:49 PM: Found Spy Cookie: avres cookie
10:49 PM: kristen@avres[2].txt (ID = 2261)
10:49 PM: Found Spy Cookie: azjmp cookie
10:49 PM: kristen@azjmp[2].txt (ID = 2270)
10:49 PM: Found Spy Cookie: banners cookie
10:49 PM: kristen@banners[2].txt (ID = 2282)
10:49 PM: Found Spy Cookie: banner cookie
10:49 PM: kristen@banner[1].txt (ID = 2276)
10:49 PM: kristen@belnk[1].txt (ID = 2292)
10:49 PM: Found Spy Cookie: enhance cookie
10:49 PM: kristen@c.enhance[1].txt (ID = 2614)
10:49 PM: Found Spy Cookie: goclick cookie
10:49 PM: kristen@c.goclick[2].txt (ID = 2733)
10:49 PM: Found Spy Cookie: 2o7.net cookie
10:49 PM: kristen@cnn.122.2o7[1].txt (ID = 1958)
10:49 PM: Found Spy Cookie: 180solutions cookie
10:49 PM: kristen@config.180solutions[1].txt (ID = 1934)
10:49 PM: Found Spy Cookie: tickle cookie
10:49 PM: kristen@cookie.tickle[1].txt (ID = 3530)
10:49 PM: Found Spy Cookie: customer cookie
10:49 PM: kristen@customer[1].txt (ID = 2481)
10:49 PM: kristen@customer[2].txt (ID = 2481)
10:49 PM: Found Spy Cookie: overture cookie
10:49 PM: kristen@data3.perf.overture[2].txt (ID = 3106)
10:49 PM: Found Spy Cookie: directtrack cookie
10:49 PM: kristen@directtrack[1].txt (ID = 2527)
10:49 PM: Found Spy Cookie: go.com cookie
10:49 PM: kristen@disney.go[2].txt (ID = 2729)
10:49 PM: kristen@dist.belnk[2].txt (ID = 2293)
10:49 PM: Found Spy Cookie: exitexchange cookie
10:49 PM: kristen@exitexchange[1].txt (ID = 2633)
10:49 PM: Found Spy Cookie: goldenpalace cookie
10:49 PM: kristen@goldenpalace[1].txt (ID = 2734)
10:49 PM: kristen@go[1].txt (ID = 2728)
10:49 PM: Found Spy Cookie: clickandtrack cookie
10:49 PM: kristen@hits.clickandtrack[1].txt (ID = 2397)
10:49 PM: Found Spy Cookie: homestore cookie
10:49 PM: kristen@homestore[1].txt (ID = 2793)
10:49 PM: Found Spy Cookie: about cookie
10:49 PM: kristen@humor.about[1].txt (ID = 2038)
10:49 PM: Found Spy Cookie: screensavers.com cookie
10:49 PM: kristen@i.screensavers[2].txt (ID = 3298)
10:49 PM: Found Spy Cookie: incredifind cookie
10:49 PM: kristen@incredifind[2].txt (ID = 2849)
10:49 PM: kristen@installs.180solutions[1].txt (ID = 1934)
10:49 PM: Found Spy Cookie: kount cookie
10:49 PM: kristen@kount[2].txt (ID = 2911)
10:49 PM: Found Spy Cookie: netster cookie
10:49 PM: kristen@lb1.netster[1].txt (ID = 3072)
10:49 PM: kristen@media.homestore[1].txt (ID = 2794)
10:49 PM: Found Spy Cookie: ugo cookie
10:49 PM: kristen@mediamgr.ugo[2].txt (ID = 3609)
10:49 PM: kristen@msnportal.112.2o7[1].txt (ID = 1958)
10:49 PM: Found Spy Cookie: mywebsearch cookie
10:49 PM: kristen@mywebsearch[2].txt (ID = 3051)
10:49 PM: Found Spy Cookie: nextag cookie
10:49 PM: kristen@nextag[1].txt (ID = 5014)
10:49 PM: Found Spy Cookie: offeroptimizer cookie
10:49 PM: kristen@offeroptimizer[1].txt (ID = 3087)
10:49 PM: kristen@overture[2].txt (ID = 3105)
10:49 PM: kristen@perf.overture[1].txt (ID = 3106)
10:49 PM: kristen@psc.disney.go[1].txt (ID = 2729)
10:49 PM: kristen@rapidresponse.directtrack[2].txt (ID = 2528)
10:49 PM: Found Spy Cookie: rednova cookie
10:49 PM: kristen@rednova[1].txt (ID = 3245)
10:49 PM: Found Spy Cookie: rightmedia cookie
10:49 PM: kristen@rightmedia[2].txt (ID = 3259)
10:49 PM: Found Spy Cookie: server.iad.liveperson cookie
10:49 PM: kristen@server.iad.liveperson[2].txt (ID = 3341)
10:49 PM: Found Spy Cookie: servlet cookie
10:49 PM: kristen@servlet[1].txt (ID = 3345)
10:49 PM: Found Spy Cookie: spywarestormer cookie
10:49 PM: kristen@spywarestormer[1].txt (ID = 3417)
10:50 PM: Found Spy Cookie: reliablestats cookie
10:50 PM: kristen@stats1.reliablestats[1].txt (ID = 3254)
10:50 PM: kristen@tickle[2].txt (ID = 3529)
10:50 PM: Found Spy Cookie: tracking cookie
10:50 PM: kristen@tracking[1].txt (ID = 3571)
10:50 PM: Found Spy Cookie: coremetrics cookie
10:50 PM: kristen@twci.coremetrics[1].txt (ID = 2472)
10:50 PM: Found Spy Cookie: uproar cookie
10:50 PM: kristen@uproar[2].txt (ID = 3612)
10:50 PM: kristen@web.tickle[1].txt (ID = 3530)
10:50 PM: Found Spy Cookie: webservicehosts cookie
10:50 PM: kristen@webservicehosts[2].txt (ID = 3662)
10:50 PM: Found Spy Cookie: affiliatefuel.com cookie
10:50 PM: kristen@www.affiliatefuel[1].txt (ID = 2202)
10:50 PM: kristen@www.disney.go[1].txt (ID = 2729)
10:50 PM: kristen@www.goldenpalace[1].txt (ID = 2735)
10:50 PM: kristen@www.rednova[1].txt (ID = 3246)
10:50 PM: kristen@www.screensavers[1].txt (ID = 3298)
10:50 PM: Found Spy Cookie: toprebates.com cookie
10:50 PM: kristen@www.toprebates[2].txt (ID = 3562)
10:50 PM: Found Spy Cookie: yadro cookie
10:50 PM: kristen@yadro[1].txt (ID = 3743)
10:50 PM: kristen@yieldmanager[2].txt (ID = 3749)
10:50 PM: tyler@ad.yieldmanager[1].txt (ID = 3751)
10:50 PM: tyler@adopt.specificclick[2].txt (ID = 3400)
10:50 PM: tyler@ask[1].txt (ID = 2245)
10:50 PM: tyler@atwola[1].txt (ID = 2255)
10:50 PM: tyler@stats1.reliablestats[2].txt (ID = 3254)
10:50 PM: kim@ad.yieldmanager[1].txt (ID = 3751)
10:50 PM: kim@adopt.specificclick[1].txt (ID = 3400)
10:50 PM: kim@adrevolver[2].txt (ID = 2088)
10:50 PM: kim@adrevolver[3].txt (ID = 2088)
10:50 PM: kim@ads.addynamix[1].txt (ID = 2062)
10:50 PM: kim@ads.pointroll[2].txt (ID = 3148)
10:50 PM: kim@apmebf[2].txt (ID = 2229)
10:50 PM: kim@ask[2].txt (ID = 2245)
10:50 PM: kim@ath.belnk[1].txt (ID = 2293)
10:50 PM: kim@atwola[1].txt (ID = 2255)
10:50 PM: kim@azjmp[2].txt (ID = 2270)
10:50 PM: kim@banner[1].txt (ID = 2276)
10:50 PM: kim@belnk[2].txt (ID = 2292)
10:50 PM: kim@cnn.122.2o7[1].txt (ID = 1958)
10:50 PM: kim@cookie.tickle[1].txt (ID = 3530)
10:50 PM: Found Spy Cookie: 360i cookie
10:50 PM: kim@ct.360i[2].txt (ID = 1962)
10:50 PM: kim@dist.belnk[1].txt (ID = 2293)
10:50 PM: kim@overture[2].txt (ID = 3105)
10:50 PM: kim@perf.overture[1].txt (ID = 3106)
10:50 PM: kim@server.iad.liveperson[2].txt (ID = 3341)
10:50 PM: kim@stats1.reliablestats[1].txt (ID = 3254)
10:50 PM: kim@tickle[2].txt (ID = 3529)
10:50 PM: kim@tracking[2].txt (ID = 3571)
10:50 PM: kim@twci.coremetrics[1].txt (ID = 2472)
10:50 PM: Found Spy Cookie: burstbeacon cookie
10:50 PM: kim@www.burstbeacon[1].txt (ID = 2335)
10:50 PM: Found Spy Cookie: web-stat cookie
10:50 PM: kim@www.web-stat[2].txt (ID = 3649)
10:50 PM: scott@ads.pointroll[2].txt (ID = 3148)
10:50 PM: Found Spy Cookie: sharewareonline cookie
10:50 PM: scott@adserver.sharewareonline[1].txt (ID = 3366)
10:50 PM: scott@apmebf[1].txt (ID = 2229)
10:50 PM: scott@atwola[1].txt (ID = 2255)
10:50 PM: scott@cnn.122.2o7[1].txt (ID = 1958)
10:50 PM: scott@data3.perf.overture[2].txt (ID = 3106)
10:50 PM: scott@nextag[1].txt (ID = 5014)
10:50 PM: Found Spy Cookie: partypoker cookie
10:50 PM: scott@partypoker[2].txt (ID = 3111)
10:50 PM: scott@perf.overture[1].txt (ID = 3106)
10:50 PM: Found Spy Cookie: qsrch cookie
10:50 PM: scott@qsrch[1].txt (ID = 3215)
10:50 PM: scott@stats1.reliablestats[2].txt (ID = 3254)
10:50 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
10:50 PM: Starting File Sweep
10:50 PM: c:\documents and settings\kristen\application data\starware (47 subtraces) (ID = -2147480225)
10:50 PM: c:\documents and settings\tyler\application data\starware (45 subtraces) (ID = -2147480225)
10:50 PM: c:\documents and settings\kristen\local settings\temp\fleok (ID = -2147480558)
10:50 PM: c:\program files\support software (ID = -2147480532)
10:50 PM: c:\documents and settings\all users\application data\starware (18 subtraces) (ID = -2147480224)
10:50 PM: c:\program files\starware (6 subtraces) (ID = -2147480223)
10:50 PM: c:\documents and settings\kristen\local settings\temp\clrsch (ID = -2147481250)
10:50 PM: c:\program files\websavingsfromebates (31 subtraces) (ID = -2147481067)
10:50 PM: c:\documents and settings\kim\application data\starware (45 subtraces) (ID = -2147480225)
10:50 PM: c:\program files\se (4 subtraces) (ID = -2147480358)
10:50 PM: c:\program files\medialoads (173 subtraces) (ID = -2147481081)
10:50 PM: c:\documents and settings\scott\application data\starware (45 subtraces) (ID = -2147480225)
10:51 PM: Found Adware: comet cursor
10:51 PM: dm.inf (ID = 53551)
10:52 PM: Found Adware: ist yoursitebar
10:52 PM: ysbactivex.dll (ID = 133888)
10:55 PM: res11e.tmp (ID = 70500)
10:56 PM: Found Adware: elitemediagroup-mediamotor
10:56 PM: mm20.inf (ID = 74036)
10:57 PM: resaf.tmp (ID = 70507)
11:03 PM: unstsa2.exe (ID = 51496)
11:04 PM: msbb.exe (ID = 70556)
11:04 PM: ncmyb.dll (ID = 70584)
11:04 PM: bargain3.exe (ID = 50540)
11:04 PM: Found Trojan Horse: trojan downloader sysupdates
11:04 PM: wsebate1.exe (ID = 80968)
11:05 PM: nvms.dll (ID = 70411)
11:05 PM: mscb.dll (ID = 70399)
11:05 PM: omniband.dll (ID = 111868)
11:07 PM: rgrt.exe (ID = 63365)
11:07 PM: bidulator.exe (ID = 115242)
11:08 PM: cdt_bbi8016.exe (ID = 50582)
11:08 PM: delb.tmp (ID = 70620)
11:08 PM: djebmm350.exe (ID = 59578)
11:08 PM: delaf.tmp (ID = 70620)
11:08 PM: zangoinstaller.exe (ID = 184234)
11:10 PM: axuninstall.exe (ID = 111862)
11:10 PM: bm.dat (ID = 74957)
11:10 PM: dwcg2.exe (ID = 59299)
11:11 PM: mmaker2.exe (ID = 59683)
11:11 PM: key2.txt (ID = 51468)
11:13 PM: roing17.ocx (ID = 74133)
11:13 PM: roing17.ocx (ID = 74133)
11:13 PM: Found Adware: twain-tech
11:13 PM: twaintec.inf (ID = 81888)
11:13 PM: Found Adware: directrevenue-abetterinternet
11:13 PM: alchem.inf (ID = 83109)
11:13 PM: alchem.ini (ID = 83112)
11:13 PM: twaintec.inf (ID = 81889)
11:13 PM: twaintec.inf (ID = 81889)
11:13 PM: Found Adware: ezsearchbar
11:13 PM: ctadl.inf (ID = 60336)
11:13 PM: alchem.inf (ID = 83109)
11:13 PM: twaintec.inf (ID = 81889)
11:14 PM: File Sweep Complete, Elapsed Time: 00:24:24
11:14 PM: Full Sweep has completed. Elapsed time 00:29:07
11:14 PM: Traces Found: 1173
11:15 PM: Removal process initiated
11:20 PM: Quarantining All Traces: 180search assistant/zango
11:20 PM: Quarantining All Traces: clearsearch
11:20 PM: Quarantining All Traces: directrevenue-abetterinternet
11:20 PM: Quarantining All Traces: virtumonde
11:20 PM: virtumonde is in use. It will be removed on reboot.
11:20 PM: C:\WINDOWS\SYSTEM32\jkkli.dll is in use. It will be removed on reboot.
11:20 PM: C:\WINDOWS\SYSTEM32\pmnll.dll is in use. It will be removed on reboot.
11:20 PM: Quarantining All Traces: blazefind
11:20 PM: Quarantining All Traces: comet cursor
11:20 PM: Quarantining All Traces: searchexe
11:20 PM: Quarantining All Traces: sidesearch
11:21 PM: Quarantining All Traces: starware toolbar
11:21 PM: Quarantining All Traces: trojan downloader sysupdates
11:21 PM: Quarantining All Traces: trojan-downloader-conhook
11:21 PM: trojan-downloader-conhook is in use. It will be removed on reboot.
11:21 PM: ddccb.dll is in use. It will be removed on reboot.
11:21 PM: Quarantining All Traces: ebates money maker
11:21 PM: Quarantining All Traces: elitemediagroup-mediamotor
11:21 PM: Quarantining All Traces: exact bullseye
11:21 PM: Quarantining All Traces: exact cashback/bargain buddy
11:21 PM: Quarantining All Traces: exact navisearch
11:22 PM: exact navisearch is in use. It will be removed on reboot.
11:22 PM: nvms.dll is in use. It will be removed on reboot.
11:22 PM: mscb.dll is in use. It will be removed on reboot.
11:22 PM: Quarantining All Traces: ezsearchbar
11:22 PM: Quarantining All Traces: great net downloadware
11:22 PM: Quarantining All Traces: ieplugin hijacker
11:22 PM: Quarantining All Traces: ieplugin
11:22 PM: Quarantining All Traces: internexus dialer
11:22 PM: Quarantining All Traces: ist yoursitebar
11:22 PM: Quarantining All Traces: networkessentials
11:22 PM: Quarantining All Traces: redzip toolbar
11:22 PM: Quarantining All Traces: search-exe hijacker
11:22 PM: Quarantining All Traces: twain-tech
11:22 PM: Quarantining All Traces: upspiral toolbar
11:22 PM: Quarantining All Traces: webrebates
11:22 PM: Quarantining All Traces: 180solutions cookie
11:22 PM: Quarantining All Traces: 2o7.net cookie
11:22 PM: Quarantining All Traces: 360i cookie
11:22 PM: Quarantining All Traces: 412 cookie
11:22 PM: Quarantining All Traces: 69.93.205 cookie
11:22 PM: Quarantining All Traces: about cookie
11:22 PM: Quarantining All Traces: addynamix cookie
11:22 PM: Quarantining All Traces: adecn cookie
11:22 PM: Quarantining All Traces: adlegend cookie
11:22 PM: Quarantining All Traces: adrevolver cookie
11:22 PM: Quarantining All Traces: adultfriendfinder cookie
11:22 PM: Quarantining All Traces: affiliate cookie
11:22 PM: Quarantining All Traces: affiliatefuel.com cookie
11:22 PM: Quarantining All Traces: apmebf cookie
11:22 PM: Quarantining All Traces: ask cookie
11:22 PM: Quarantining All Traces: atwola cookie
11:22 PM: Quarantining All Traces: avres cookie
11:22 PM: Quarantining All Traces: azjmp cookie
11:22 PM: Quarantining All Traces: banner cookie
11:22 PM: Quarantining All Traces: banners cookie
11:22 PM: Quarantining All Traces: belnk cookie
11:22 PM: Quarantining All Traces: bpath cookie
11:22 PM: Quarantining All Traces: burstbeacon cookie
11:22 PM: Quarantining All Traces: clickandtrack cookie
11:22 PM: Quarantining All Traces: coremetrics cookie
11:22 PM: Quarantining All Traces: customer cookie
11:22 PM: Quarantining All Traces: directtrack cookie
11:22 PM: Quarantining All Traces: enhance cookie
11:22 PM: Quarantining All Traces: exitexchange cookie
11:22 PM: Quarantining All Traces: go.com cookie
11:22 PM: Quarantining All Traces: goclick cookie
11:22 PM: Quarantining All Traces: goldenpalace cookie
11:22 PM: Quarantining All Traces: hbmediapro cookie
11:22 PM: Quarantining All Traces: homestore cookie
11:22 PM: Quarantining All Traces: incredifind cookie
11:22 PM: Quarantining All Traces: kount cookie
11:22 PM: Quarantining All Traces: mywebsearch cookie
11:22 PM: Quarantining All Traces: netster cookie
11:22 PM: Quarantining All Traces: nextag cookie
11:22 PM: Quarantining All Traces: offeroptimizer cookie
11:22 PM: Quarantining All Traces: overture cookie
11:22 PM: Quarantining All Traces: partypoker cookie
11:22 PM: Quarantining All Traces: pointroll cookie
11:22 PM: Quarantining All Traces: precisead cookie
11:22 PM: Quarantining All Traces: qsrch cookie
11:22 PM: Quarantining All Traces: rednova cookie
11:22 PM: Quarantining All Traces: reliablestats cookie
11:22 PM: Quarantining All Traces: rightmedia cookie
11:22 PM: Quarantining All Traces: sandboxer cookie
11:22 PM: Quarantining All Traces: screensavers.com cookie
11:22 PM: Quarantining All Traces: server.iad.liveperson cookie
11:22 PM: Quarantining All Traces: servlet cookie
11:22 PM: Quarantining All Traces: sharewareonline cookie
11:22 PM: Quarantining All Traces: specificclick.com cookie
11:22 PM: Quarantining All Traces: spywarestormer cookie
11:22 PM: Quarantining All Traces: tickle cookie
11:22 PM: Quarantining All Traces: toprebates.com cookie
11:22 PM: Quarantining All Traces: tracking cookie
11:22 PM: Quarantining All Traces: ugo cookie
11:22 PM: Quarantining All Traces: uproar cookie
11:22 PM: Quarantining All Traces: webservicehosts cookie
11:22 PM: Quarantining All Traces: websponsors cookie
11:22 PM: Quarantining All Traces: web-stat cookie
11:22 PM: Quarantining All Traces: yadro cookie
11:22 PM: Quarantining All Traces: yieldmanager cookie
11:23 PM: Warning: The media is write protected
********
10:43 PM: | Start of Session, Saturday, January 07, 2006 |
10:43 PM: Spy Sweeper started
10:44 PM: Your spyware definitions have been updated.
10:45 PM: | End of Session, Saturday, January 07, 2006 |

EWIDO:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:50:29 AM, 1/8/2006
+ Report-Checksum: A3D81330

+ Scan result:

C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfk4oid5mfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfkokmajklo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfkyqocjkfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wflocldpiao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wflyukd5cgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wflywnczolq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfmighc5oep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfmycmcjwko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wgkiqkdpado.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjk4glajsdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjk4ukczibq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjkyakczwfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjkyggdpgbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjkyopdpefo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjkysgdzidq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjlicmcjslp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjlikpcpkeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjliskazwhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjliskcpcho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjlisocjibp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjlyemdzwbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjmiclajmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjny-1odjsd.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnyapazcdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnycnajmhp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnycpdjwfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnygpdzwlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnyolc5obo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-hyundaiusa.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-nestleusainc.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-newscientist.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-pfizer.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-rr.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@ads.specificpop[2].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@ads.x10[1].txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@ehg-rr.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.8:C: