WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

new Hijackthis scan

Started by highc1000 , Jun 19 2006 07:21 PM

This topic is locked

28 replies to this topic

#1 highc1000

Authentic Member

Authentic Member
32 posts

Posted 19 June 2006 - 07:21 PM

I am able to stay online for limited periods of time before it seems like my computer is taken over and it is like my connection goes dead. At that point I am no longer able to access the web and I need to restart the computer. This doesn not look good. I have done a few things that have been recommended to others in this forum. I hope you can help me!

Logfile of HijackThis v1.99.1
Scan saved at 9:14:14 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Chris\My Documents\My Received Files\Downloads\HiJackThis\hijackthis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [WindowFX] C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141574630858
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141592235687
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Advertisements

Register to Remove

#2 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 19 June 2006 - 07:46 PM

http://forums.tomcoy...topic=64987&hl=

Please stay in one topic.
Please use the Posted Image

Button below to reply. Thanks

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#3 highc1000

Authentic Member

Authentic Member
32 posts

Posted 19 June 2006 - 08:44 PM

OK, will do. Now Norton just came up and said I had a trojan as well...not a good night at all. Here is the latest ewido scan. I may be spinning my wheels at this point. Thanks for any help! --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 10:23:06 PM, 6/19/2006 + Report-Checksum: BBFA4A81 + Scan result: HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Error during cleaning HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Error during cleaning C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@com[1].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@microsofteup.112.2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@stubhub.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\chris.brewer@earthlink.net\Cookies\chris@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.6:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.7:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.8:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.9:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.10:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.11:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.12:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.13:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.14:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.15:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.16:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.17:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.18:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.25:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.26:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.27:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.28:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup :mozilla.31:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup :mozilla.32:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup :mozilla.33:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup :mozilla.36:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.37:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.38:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.39:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.50:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.51:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.52:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.53:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.61:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.62:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.63:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.64:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup :mozilla.73:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.118:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup :mozilla.160:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.161:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.168:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.201:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.202:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.209:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.221:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.222:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.223:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.225:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.226:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.227:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.228:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.245:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.246:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.247:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.253:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.262:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.263:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.276:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.277:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.278:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.279:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.280:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.281:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.282:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.286:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.291:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.318:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup :mozilla.331:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup :mozilla.354:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.355:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.357:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.358:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.359:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.362:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.372:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.373:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.374:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\7mjjhzvt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@stubhub.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Chris\Cookies\chris@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Paige\Cookies\paige@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\RECYCLER\NPROTECT\00345583.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345584.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345590.TXT -> TrackingCookie.Trafficmp : Cleaned with backup C:\RECYCLER\NPROTECT\00345591.TXT -> TrackingCookie.Trafficmp : Cleaned with backup C:\RECYCLER\NPROTECT\00345592.TXT -> TrackingCookie.Trafficmp : Cleaned with backup C:\RECYCLER\NPROTECT\00345593.TXT -> TrackingCookie.Trafficmp : Cleaned with backup C:\RECYCLER\NPROTECT\00345594.TXT -> TrackingCookie.Trafficmp : Cleaned with backup C:\RECYCLER\NPROTECT\00345598.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345599.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345602.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345603.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345604.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345610.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345611.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345616.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345617.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345621.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345622.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345627.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345628.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345629.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345633.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345634.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345635.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345642.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345643.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345644.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345647.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345648.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345649.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345654.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345655.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345667.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345668.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345671.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345672.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345704.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345705.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345710.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345711.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345715.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345716.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345717.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00345718.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00345723.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345724.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345725.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345726.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345727.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345728.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345729.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345733.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00345734.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00345735.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345736.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345739.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345740.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345741.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345742.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345743.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345747.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345748.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345758.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345759.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345764.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345765.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345766.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345767.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345768.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345770.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345771.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345774.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345775.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345798.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345799.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345800.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345801.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345802.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345905.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345906.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345907.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345910.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345911.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345912.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345913.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345914.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345918.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345920.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00345924.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345925.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345926.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345927.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345928.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345929.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345930.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345931.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345932.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345935.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345936.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345937.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345938.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345939.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345940.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345949.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345950.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345951.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345956.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345958.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345959.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345963.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345964.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345965.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345976.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345977.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345978.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345981.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345982.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345983.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00345986.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345987.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345988.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345991.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345992.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00345993.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346001.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346002.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346003.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346051.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346052.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346053.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346057.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346058.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346059.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346060.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346061.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346062.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346063.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346064.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346085.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346086.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346087.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00346088.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00346091.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346092.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346093.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346094.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346095.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346096.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346097.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346098.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346099.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346103.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346104.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346105.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346111.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346112.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346113.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346116.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346117.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346118.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346122.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346123.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346124.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346134.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346135.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346136.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00346137.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00346141.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346142.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346143.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346147.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346148.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346149.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346173.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346174.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346175.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00346176.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00346179.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346180.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346181.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346182.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346183.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346184.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346185.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346188.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346189.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346190.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346191.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346192.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346195.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346196.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346197.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346200.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346201.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346220.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346221.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346222.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346228.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346229.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346230.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346239.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346240.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346241.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346247.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346248.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346249.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346254.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346255.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346256.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346259.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346260.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346261.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346265.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346266.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346267.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346274.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346275.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346284.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346285.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346286.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346300.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346301.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346302.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346306.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346307.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346308.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346311.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346312.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346313.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346317.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346318.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346319.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346323.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346324.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346325.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346328.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346329.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346330.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346333.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346334.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346335.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346336.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346337.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346338.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346339.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346346.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346347.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346348.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346353.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346354.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346355.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00346356.TXT -> TrackingCookie.Fastclick : Cleaned with backup C:\RECYCLER\NPROTECT\00346359.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346360.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346374.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346375.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346377.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346378.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346383.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346384.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346391.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346392.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346395.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346396.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346399.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346400.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346403.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346404.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346408.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346409.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346412.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346413.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346415.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346416.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346418.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346419.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346420.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346424.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346425.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346426.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346431.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346432.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346433.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346434.TXT -> TrackingCookie.Adrevolver : Cleaned with backup C:\RECYCLER\NPROTECT\00346439.TXT -> TrackingCookie.Adrevolver : Cleaned with backup C:\RECYCLER\NPROTECT\00346456.TXT -> TrackingCookie.Adrevolver : Cleaned with backup C:\RECYCLER\NPROTECT\00346462.TXT -> TrackingCookie.Adrevolver : Cleaned with backup C:\RECYCLER\NPROTECT\00346465.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346466.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346467.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346471.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346472.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346473.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346479.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346480.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346481.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346485.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346486.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346487.TXT -> TrackingCookie.Advertising : Cleaned with backup C:\RECYCLER\NPROTECT\00346488.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346489.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346490.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346493.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346494.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346495.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346504.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346505.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346506.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346507.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346508.TXT -> TrackingCookie.Casalemedia : Cleaned with backup C:\RECYCLER\NPROTECT\00346511.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346512.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346515.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346516.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346517.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346523.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346524.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346529.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346530.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346559.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346560.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346561.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346562.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346570.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup C:\RECYCLER\NPROTECT\00346571.TXT -> Tracking

#4 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 19 June 2006 - 08:50 PM

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless instructed to.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

Next:

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

If you are taken to the internet page, just close the page.

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#5 highc1000

Authentic Member

Authentic Member
32 posts

Posted 20 June 2006 - 04:45 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:37:02 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Chris\My Documents\My Received Files\Downloads\HiJackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [WindowFX] C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141574630858
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141592235687
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I was not able to to save the Spy sweeper report as it had me restart. On the restart it (SpySweeper had tried to clean files but was unable to. Norton also said I had a trojan that was unable to be repaired as well. When I tried to post this information last night I was unable to connect to the internet. I also keep getting a strange yellow bar across the top of my screen that says something to the fact that this site (not this one inparticular) may be a scam and not to trust it. This is something new over the past two days. I am ready for the next step.

#6 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 20 June 2006 - 05:04 PM

Did any of them show where the virus was found?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#7 highc1000

Authentic Member

Authentic Member
32 posts

Posted 20 June 2006 - 05:09 PM

Unfortunately non that I saw. By the way ,the yellow banner says "This web page could be a scam. Proceed with caution." Should I rerun the spy sweeper and try to save a log?

#8 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 20 June 2006 - 05:10 PM

Only for Windows XP and Windows 2000

Lets try this first.

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

______________________________

Please download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/

Install Ewido anti-malware.
When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will prompt you to update. Click the Ok button.
The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

On the left-hand side of the main screen click the Update Button.
Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido. Don't Run It Yet.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Posted Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named:
c:\rapport.txt

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post:
C:\rapport.txt

Edited by LDTate, 20 June 2006 - 05:12 PM.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#9 highc1000

Authentic Member

Authentic Member
32 posts

Posted 20 June 2006 - 05:42 PM

SmitFraudFix v2.63 Scan done at 19:33:51.23, Tue 06/20/2006 Run from C:\Documents and Settings\Chris\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\chris\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

#10 highc1000

Authentic Member

Authentic Member
32 posts

Posted 20 June 2006 - 05:54 PM

One note about the smitfraudfix scan. You said it would run for a bit and to be patient. The scan took all of about 3 seconds. Not sure it that means anything. Also asked for me to download ans install ewido. I had done that already previously (a few days ago) BUT have had background guard running since I installed. Should I uninstall the program and then reinstall. Hopefully I havn't made things worse. Thanks for your patients!

Advertisements

Register to Remove

#11 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 20 June 2006 - 06:03 PM

I don't see any Smitfraud infection. Try spysweeper again please.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#12 highc1000

Authentic Member

Authentic Member
32 posts

Posted 20 June 2006 - 07:00 PM

OK, I needed to retart due to a possible rootkit. I do not believe that spysweeper was able to fix the issue. The splash screen at start up came and went very quickly. Anyhow, this is what spy sweeper found: potential rootkit (referenced something about antiphising in the local settings for everyone that uses this computer-4 users) Purityscan elitemedia group enbrowser I have both the scan results from this evening and last night: ******** 8:05 PM: | Start of Session, Tuesday, June 20, 2006 | 8:05 PM: Spy Sweeper started 8:05 PM: Sweep initiated using definitions version 703 8:05 PM: Starting Memory Sweep 8:09 PM: Memory Sweep Complete, Elapsed Time: 00:03:42 8:09 PM: Starting Registry Sweep 8:09 PM: Registry Sweep Complete, Elapsed Time:00:00:16 8:09 PM: Starting Cookie Sweep 8:09 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04 8:09 PM: Starting File Sweep 8:10 PM: Found Adware: elitemediagroup-mediamotor 8:10 PM: 00352249.inf (ID = 297265) 8:16 PM: Found Adware: enbrowser 8:16 PM: 00352256.exe (ID = 296335) 8:16 PM: 00352254.exe (ID = 296334) 8:31 PM: 00352247.tlb (ID = 310783) 8:34 PM: 00352252.exe (ID = 301974) 8:34 PM: Found Adware: purityscan 8:34 PM: 00352245.exe (ID = 213483) 8:36 PM: Found System Monitor: potentially rootkit-masked files 8:36 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 8:36 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 8:36 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 8:36 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 8:36 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 8:36 PM: Warning: Unhandled Archive Type 8:36 PM: Warning: Unhandled Archive Type 8:37 PM: Warning: Unable to sweep compressed file: System Error. Code: 8. Not enough storage is available to process this command 8:37 PM: File Sweep Complete, Elapsed Time: 00:27:13 8:37 PM: Full Sweep has completed. Elapsed time 00:31:23 8:37 PM: Traces Found: 11 8:41 PM: Removal process initiated 8:41 PM: Quarantining All Traces: potentially rootkit-masked files 8:41 PM: potentially rootkit-masked files is in use. It will be removed on reboot. 8:41 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 8:41 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 8:41 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 8:41 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 8:41 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 8:41 PM: Quarantining All Traces: purityscan 8:41 PM: Quarantining All Traces: elitemediagroup-mediamotor 8:41 PM: Quarantining All Traces: enbrowser 8:42 PM: Preparing to restart your computer. Please wait... 8:42 PM: Removal process completed. Elapsed time 00:00:42 ******** 11:03 PM: | Start of Session, Monday, June 19, 2006 | 11:03 PM: Spy Sweeper started 11:03 PM: Sweep initiated using definitions version 702 11:03 PM: Starting Memory Sweep 11:06 PM: Memory Sweep Complete, Elapsed Time: 00:03:44 11:06 PM: Starting Registry Sweep 11:06 PM: Found Adware: webhancer 11:06 PM: HKCR\whiehelperobj.whiehelperobj.1\ (3 subtraces) (ID = 146280) 11:06 PM: HKCR\whiehelperobj.whiehelperobj\ (3 subtraces) (ID = 146281) 11:06 PM: Found Adware: enbrowser 11:06 PM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808) 11:06 PM: HKLM\software\classes\whiehelperobj.whiehelperobj\ (3 subtraces) (ID = 972216) 11:06 PM: HKLM\software\classes\whiehelperobj.whiehelperobj.1\ (3 subtraces) (ID = 972220) 11:06 PM: Found Adware: elitemediagroup-mediamotor 11:06 PM: HKLM\software\microsoft\code store database\distribution units\{5526b4c6-63d6-41a1-9783-0fabf529859a}\ (12 subtraces) (ID = 1323895) 11:06 PM: HKU\WRSS_Profile_S-1-5-21-1004336348-789336058-839522115-1008\software\system\sysuid\ (1 subtraces) (ID = 731748) 11:06 PM: HKU\WRSS_Profile_S-1-5-21-1004336348-789336058-839522115-1007\software\system\sysuid\ (1 subtraces) (ID = 731748) 11:06 PM: HKU\WRSS_Profile_S-1-5-21-1004336348-789336058-839522115-1005\software\system\sysuid\ (1 subtraces) (ID = 731748) 11:07 PM: HKU\S-1-5-21-1004336348-789336058-839522115-1004\software\system\sysuid\ (1 subtraces) (ID = 731748) 11:07 PM: Registry Sweep Complete, Elapsed Time:00:00:15 11:07 PM: Starting Cookie Sweep 11:07 PM: Found Spy Cookie: websponsors cookie 11:07 PM: matthew@a.websponsors[2].txt (ID = 3665) 11:07 PM: Found Spy Cookie: about cookie 11:07 PM: matthew@about[1].txt (ID = 2037) 11:07 PM: Found Spy Cookie: nextag cookie 11:07 PM: matthew@adq.nextag[1].txt (ID = 5015) 11:07 PM: Found Spy Cookie: ask cookie 11:07 PM: matthew@ask[2].txt (ID = 2245) 11:07 PM: Found Spy Cookie: belnk cookie 11:07 PM: matthew@belnk[1].txt (ID = 2292) 11:07 PM: Found Spy Cookie: exitexchange cookie 11:07 PM: matthew@exitexchange[1].txt (ID = 2633) 11:07 PM: matthew@exoticpets.about[2].txt (ID = 2038) 11:07 PM: Found Spy Cookie: screensavers.com cookie 11:07 PM: matthew@i.screensavers[1].txt (ID = 3298) 11:07 PM: Found Spy Cookie: redsheriff cookies 11:07 PM: matthew@imrworldwide[1].txt (ID = 2845) 11:07 PM: Found Spy Cookie: expage cookie 11:07 PM: matthew@members.expage[1].txt (ID = 2638) 11:07 PM: matthew@nextag[2].txt (ID = 5014) 11:07 PM: Found Spy Cookie: partypoker cookie 11:07 PM: matthew@partypoker[2].txt (ID = 3111) 11:07 PM: matthew@www.screensavers[1].txt (ID = 3298) 11:07 PM: paige@a.websponsors[1].txt (ID = 3665) 11:07 PM: paige@about[2].txt (ID = 2037) 11:07 PM: Found Spy Cookie: adknowledge cookie 11:07 PM: paige@adknowledge[1].txt (ID = 2072) 11:07 PM: Found Spy Cookie: adlegend cookie 11:07 PM: paige@adlegend[1].txt (ID = 2074) 11:07 PM: paige@ask[1].txt (ID = 2245) 11:07 PM: Found Spy Cookie: atwola cookie 11:07 PM: paige@atwola[1].txt (ID = 2255) 11:07 PM: Found Spy Cookie: azjmp cookie 11:07 PM: paige@azjmp[1].txt (ID = 2270) 11:07 PM: paige@belnk[1].txt (ID = 2292) 11:07 PM: Found Spy Cookie: coolsavings cookie 11:07 PM: paige@coolsavings[1].txt (ID = 2465) 11:07 PM: paige@countrymusic.about[2].txt (ID = 2038) 11:07 PM: Found Spy Cookie: did-it cookie 11:07 PM: paige@did-it[1].txt (ID = 2523) 11:07 PM: paige@dist.belnk[2].txt (ID = 2293) 11:07 PM: paige@guitar.about[1].txt (ID = 2038) 11:07 PM: paige@i.screensavers[1].txt (ID = 3298) 11:07 PM: paige@imrworldwide[2].txt (ID = 2845) 11:07 PM: Found Spy Cookie: maxserving cookie 11:07 PM: paige@maxserving[1].txt (ID = 2966) 11:07 PM: Found Spy Cookie: adrevolver cookie 11:07 PM: paige@media.adrevolver[1].txt (ID = 2089) 11:07 PM: paige@media.adrevolver[3].txt (ID = 2089) 11:07 PM: paige@media.adrevolver[4].txt (ID = 2089) 11:07 PM: Found Spy Cookie: military cookie 11:07 PM: paige@military[2].txt (ID = 2996) 11:07 PM: Found Spy Cookie: realmedia cookie 11:07 PM: paige@network.realmedia[2].txt (ID = 3236) 11:07 PM: paige@nextag[2].txt (ID = 5014) 11:07 PM: paige@orthopedics.about[1].txt (ID = 2038) 11:07 PM: paige@partypoker[1].txt (ID = 3111) 11:07 PM: paige@realmedia[1].txt (ID = 3235) 11:07 PM: paige@www.screensavers[1].txt (ID = 3298) 11:07 PM: brittany@about[1].txt (ID = 2037) 11:07 PM: brittany@adknowledge[2].txt (ID = 2072) 11:07 PM: brittany@adlegend[1].txt (ID = 2074) 11:07 PM: brittany@ask[2].txt (ID = 2245) 11:07 PM: brittany@atwola[2].txt (ID = 2255) 11:07 PM: brittany@azjmp[1].txt (ID = 2270) 11:07 PM: Found Spy Cookie: bannerspace cookie 11:07 PM: brittany@bannerspace[1].txt (ID = 2284) 11:07 PM: brittany@beauty.about[1].txt (ID = 2038) 11:07 PM: brittany@belnk[1].txt (ID = 2292) 11:07 PM: brittany@dist.belnk[2].txt (ID = 2293) 11:07 PM: Found Spy Cookie: webtrends cookie 11:07 PM: brittany@m.webtrends[1].txt (ID = 3669) 11:07 PM: brittany@media.adrevolver[2].txt (ID = 2089) 11:07 PM: brittany@nextag[2].txt (ID = 5014) 11:07 PM: Found Spy Cookie: affiliatefuel.com cookie 11:07 PM: brittany@r1.affiliatefuel[1].txt (ID = 2202) 11:07 PM: Found Spy Cookie: dealtime cookie 11:07 PM: brittany@stat.dealtime[1].txt (ID = 2506) 11:07 PM: Found Spy Cookie: trb.com cookie 11:07 PM: brittany@trb[1].txt (ID = 3587) 11:07 PM: penny@about[2].txt (ID = 2037) 11:07 PM: penny@adknowledge[2].txt (ID = 2072) 11:07 PM: penny@adq.nextag[1].txt (ID = 5015) 11:07 PM: penny@ask[2].txt (ID = 2245) 11:07 PM: penny@atwola[2].txt (ID = 2255) 11:07 PM: penny@bannerspace[1].txt (ID = 2284) 11:07 PM: Found Spy Cookie: bizrate cookie 11:07 PM: penny@bizrate[2].txt (ID = 2308) 11:07 PM: Found Spy Cookie: gostats cookie 11:07 PM: penny@c2.gostats[2].txt (ID = 2748) 11:07 PM: penny@dealtime[1].txt (ID = 2505) 11:07 PM: penny@did-it[1].txt (ID = 2523) 11:07 PM: Found Spy Cookie: go.com cookie 11:07 PM: penny@disney.go[1].txt (ID = 2729) 11:07 PM: penny@disneyworld.disney.go[1].txt (ID = 2729) 11:07 PM: penny@go[2].txt (ID = 2728) 11:07 PM: Found Spy Cookie: homestore cookie 11:07 PM: penny@homestore[2].txt (ID = 2793) 11:07 PM: Found Spy Cookie: ic-live cookie 11:07 PM: penny@ic-live[1].txt (ID = 2821) 11:07 PM: penny@imrworldwide[2].txt (ID = 2845) 11:07 PM: penny@interiordec.about[2].txt (ID = 2038) 11:07 PM: penny@m.webtrends[2].txt (ID = 3669) 11:07 PM: penny@nextag[1].txt (ID = 5014) 11:07 PM: penny@partypoker[2].txt (ID = 3111) 11:07 PM: penny@pediatrics.about[1].txt (ID = 2038) 11:07 PM: Found Spy Cookie: pricegrabber cookie 11:07 PM: penny@pricegrabber[2].txt (ID = 3185) 11:07 PM: penny@psc.disney.go[1].txt (ID = 2729) 11:07 PM: penny@r1.affiliatefuel[1].txt (ID = 2202) 11:07 PM: penny@stat.dealtime[1].txt (ID = 2506) 11:07 PM: penny@surfing.about[1].txt (ID = 2038) 11:07 PM: penny@www.dealtime[2].txt (ID = 2506) 11:07 PM: chris@abcnews.go[2].txt (ID = 2729) 11:07 PM: Found Spy Cookie: yieldmanager cookie 11:07 PM: chris@ad.yieldmanager[2].txt (ID = 3751) 11:07 PM: chris@ad.yieldmanager[3].txt (ID = 3751) 11:07 PM: chris@ad.yieldmanager[6].txt (ID = 3751) 11:07 PM: chris@ad.yieldmanager[7].txt (ID = 3751) 11:07 PM: chris@ad.yieldmanager[8].txt (ID = 3751) 11:07 PM: chris@adknowledge[2].txt (ID = 2072) 11:07 PM: chris@ask[1].txt (ID = 2245) 11:07 PM: Found Spy Cookie: 360i cookie 11:07 PM: chris@ct.360i[1].txt (ID = 1962) 11:07 PM: chris@familyfun.go[1].txt (ID = 2729) 11:07 PM: Found Spy Cookie: gamespy cookie 11:07 PM: chris@gamespy[1].txt (ID = 2719) 11:07 PM: chris@go[2].txt (ID = 2728) 11:07 PM: chris@imrworldwide[2].txt (ID = 2845) 11:07 PM: chris@m.webtrends[2].txt (ID = 3669) 11:07 PM: chris@rsi.abcnews.go[1].txt (ID = 2729) 11:07 PM: chris@trb[2].txt (ID = 3587) 11:07 PM: Found Spy Cookie: xiti cookie 11:07 PM: chris@xiti[1].txt (ID = 3717) 11:07 PM: Cookie Sweep Complete, Elapsed Time: 00:00:06 11:07 PM: Starting File Sweep 11:07 PM: amm06.inf (ID = 297265) 11:13 PM: uni_ehhh.exe (ID = 296335) 11:13 PM: unin101.exe (ID = 296334) 11:19 PM: Found Adware: great net downloadware 11:19 PM: webinstall.exe (ID = 59312) 11:27 PM: safe.tlb (ID = 310783) 11:30 PM: tagasuarus2.exe (ID = 301974) 11:30 PM: Found Adware: purityscan 11:30 PM: yoinsi.exe (ID = 213483) 11:32 PM: Found System Monitor: potentially rootkit-masked files 11:32 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 11:32 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 11:32 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 11:32 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 11:32 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0) 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unable to sweep compressed file: System Error. Code: 8. Not enough storage is available to process this command 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: Warning: Unhandled Archive Type 11:32 PM: File Sweep Complete, Elapsed Time: 00:25:35 11:32 PM: Full Sweep has completed. Elapsed time 00:29:46 11:32 PM: Traces Found: 151 11:33 PM: Removal process initiated 11:33 PM: Quarantining All Traces: potentially rootkit-masked files 11:33 PM: potentially rootkit-masked files is in use. It will be removed on reboot. 11:33 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 11:33 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 11:33 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 11:33 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 11:33 PM: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat is in use. It will be removed on reboot. 11:33 PM: Quarantining All Traces: purityscan 11:34 PM: Quarantining All Traces: elitemediagroup-mediamotor 11:34 PM: Quarantining All Traces: enbrowser 11:34 PM: Quarantining All Traces: great net downloadware 11:34 PM: Quarantining All Traces: webhancer 11:34 PM: Quarantining All Traces: 360i cookie 11:34 PM: Quarantining All Traces: about cookie 11:34 PM: Quarantining All Traces: adknowledge cookie 11:34 PM: Quarantining All Traces: adlegend cookie 11:34 PM: Quarantining All Traces: adrevolver cookie 11:34 PM: Quarantining All Traces: affiliatefuel.com cookie 11:34 PM: Quarantining All Traces: ask cookie 11:34 PM: Quarantining All Traces: atwola cookie 11:34 PM: Quarantining All Traces: azjmp cookie 11:34 PM: Quarantining All Traces: bannerspace cookie 11:34 PM: Quarantining All Traces: belnk cookie 11:34 PM: Quarantining All Traces: bizrate cookie 11:34 PM: Quarantining All Traces: coolsavings cookie 11:34 PM: Quarantining All Traces: dealtime cookie 11:34 PM: Quarantining All Traces: did-it cookie 11:34 PM: Quarantining All Traces: exitexchange cookie 11:34 PM: Quarantining All Traces: expage cookie 11:34 PM: Quarantining All Traces: gamespy cookie 11:34 PM: Quarantining All Traces: go.com cookie 11:34 PM: Quarantining All Traces: gostats cookie 11:34 PM: Quarantining All Traces: homestore cookie 11:34 PM: Quarantining All Traces: ic-live cookie 11:34 PM: Quarantining All Traces: maxserving cookie 11:34 PM: Quarantining All Traces: military cookie 11:34 PM: Quarantining All Traces: nextag cookie 11:34 PM: Quarantining All Traces: partypoker cookie 11:34 PM: Quarantining All Traces: pricegrabber cookie 11:34 PM: Quarantining All Traces: realmedia cookie 11:34 PM: Quarantining All Traces: redsheriff cookies 11:34 PM: Quarantining All Traces: screensavers.com cookie 11:34 PM: Quarantining All Traces: trb.com cookie 11:34 PM: Quarantining All Traces: websponsors cookie 11:34 PM: Quarantining All Traces: webtrends cookie 11:34 PM: Quarantining All Traces: xiti cookie 11:34 PM: Quarantining All Traces: yieldmanager cookie 11:34 PM: Preparing to restart your computer. Please wait... 11:34 PM: Removal process completed. Elapsed time 00:00:19 8:05 PM: Updating spyware definitions 8:05 PM: Your spyware definitions have been updated. 8:05 PM: | End of Session, Tuesday, June 20, 2006 | ******** 11:00 PM: | Start of Session, Monday, June 19, 2006 | 11:00 PM: Spy Sweeper started 11:01 PM: Your spyware definitions have been updated. 11:01 PM: Updating spyware definitions 11:01 PM: Your definitions are up to date. 11:03 PM: | End of Session, Monday, June 19, 2006 | Thanks again.

#13 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 20 June 2006 - 07:03 PM

Download this one and let me know if it finds anything.
RootkitRevealer
http://www.sysintern...itRevealer.html

When it's done, go to file->save
save the logfile to the desktop, and then paste the contents here.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#14 highc1000

Authentic Member

Authentic Member
32 posts

Posted 20 June 2006 - 08:02 PM

This is it for the night. Thanks again for all of your help LDTate. Internet keeps cutting out...usually a very reliable connection. Still something flakey going on. Here is the scan results: HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/20/2006 9:07 PM 80 bytes Data mismatch between Windows API and raw hive data. HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveNATMappings\msmsgs (192.168.1.100:12710) 27376 UDP 6/20/2006 9:06 PM 32 bytes Hidden from Windows API. HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveNATMappings\msmsgs (192.168.1.100:11837) 61935 TCP 6/20/2006 9:06 PM 32 bytes Hidden from Windows API. HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 5/9/2006 10:21 PM 0 bytes Access is denied. C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060620.036\vscanmsx.dat 6/20/2006 9:34 PM 2.02 KB Hidden from Windows API. C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0007NAV~.TMP 6/20/2006 9:23 PM 0 bytes Hidden from Windows API. C:\RECYCLER\NPROTECT\00346172.TXT 6/19/2006 1:36 AM 104 bytes Visible in Windows API, but not in MFT or directory index. C:\RECYCLER\NPROTECT\00355966 6/20/2006 9:10 PM 7.94 MB Hidden from Windows API. C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf 6/20/2006 9:34 PM 50.72 KB Hidden from Windows API.

#15 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 20 June 2006 - 08:07 PM

This is it for the night.

Ok me too. My eyes are blurry :rofl:

Will give it another go tomorrow.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

Body Background

skin color theme