Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

No Google, HOSTS file not the problem. What next?


  • This topic is locked This topic is locked
10 replies to this topic

#1 Daniel Boone

Daniel Boone

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 28 November 2005 - 08:57 PM

Any advice on the problem below would be greatly appreciated...

My IE is suddenly not letting me access google

I take it from scanning groups.google (accessed with a different machine)
that this typically is caused by a corrupted HOSTS file.

I've removed all entries from my HOSTS file to no avail.

spyware search and destroy and norton antivirus found no problems.

can anyone tell me if the log below indicates a known issue?

Thanks very much.

Daniel Boone


Logfile of HijackThis v1.99.1
Scan saved at 9:28:42 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133223452171
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://npd.webex.co...bex/ieatgpc.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 December 2005 - 03:50 PM

Hello Daniel,

Sorry about the delay, we have been up to our ears in logs.

I see no evidence of Malware or a Virus on your system, but lets do this to straighten out your problem.

DO THIS FIRST
Your HIJACKTHIS program is current, but it is very important that it resides in its own folder.
We will use Hijackthis (HJT) to make changes to your system and HJT will make backups of those changes,
If HJT is not in its own folder, those backups could be lost.

Easy to fix,
* just go to MY COMPUTER > YOUR C:\ DRIVE and create a new folder and name it HIJACKTHIS .
* Now scroll to where you have HJT currently, right click on the HJT icon and select CUT .
* Now open the new folder you just created and right click within that folder and select PASTE .
* Now HJT should reside in C:\HIJACKTHIS\HIJACKTHIS.EXE

Now download Hoster , this will restore your original hosts files.

Download Hoster

* Unzip Hoster to your desktop
* Open up Hoster
* Make sure that the Make Hosts Writtable button in the upper right corner is enabled.
* Click Back Up Host Files
* Click on Restore Original Hosts
* Close program

Open HJT Scan Only and put a checkmark in the following entries, close your browser and any open windows and click on Fix Checked.

These 4 entries are taking you to the HP site, if thats ok with you then leave them alone if not fix them.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop


This entry is not bad but it is keeping tabs on you, you can read about it here and make your own decision.
http://castlecops.co...uplist-180.html
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Open up IE and go to Tools > Internet Options> Programs and click on Reset Web Settings.
Then while your in there, go to the General Tab and Delete Cookies and Delete Files (also check Offline Content )

Download and Install http://www.ccleaner.com/

* Click on Run Cleaner
* Run the Issues Scan < When it asks you to backup the Registry..Say Yes

You have Spybot Search and Destroy on your system, make sure it is version 1.4, if not you can download it from the link in my signature.
Open up Spybot and go to Mode> Advanced Mode> Tools> Hosts Files and add Spybots Hosts files.

Then post back with a new HJT log and let me know how your doing.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 Daniel Boone

Daniel Boone

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 05 December 2005 - 08:41 PM

Ken,

Thanks a million! I appreciate your generosity.

Here's what happened:

(1) moved HJT -- nothing interesting happened

(2) ran hoster -- nothing notable happened

(3) deleted files you pointed to in HJT. I don't want HP links running in the background, nor do I want the ALcx thing.

(4) got carp** Cleaner. This took some doing. The browser (IE) wouldn't load the site. So I went to CNET and got it there. The program found a bunch of carp** in my regsitry. Also, it removed 444 MB of files. What on earth was all that?

(5) did the IE reset

(6) updated Spybot and ran full analysis. It found no problems with the HOSTS file. A bunch of spyware, but it just looked like the usual advertising carp**.

Net result: IE and Firefox both load a little quicker.
IE can't ever load hotmail.com or google groups
Firefox right now has been trying for a long time to load google.com, and just spinning its wheels, and timing out.
Both programs seem to decide at random not to load webpages I try to access.

It seems those were worthwhile things to do, but at the end of the day, there still seems to be something seriously wrong here.

I reran HJT and post the log below.

Does anything else look awry?

Thanks again.

Daniel

Logfile of HijackThis v1.99.1
Scan saved at 9:21:51 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HIJACKTHIS\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety....lscbase2213.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133223452171
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://npd.webex.co...bex/ieatgpc.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 06 December 2005 - 07:25 AM

Good Morning Daniel,

Your log looks ok, but not to say that there could be something hidden that we can't see. I am going to suggest that you run these three programs to see what they come up with. There all free and I was going to suggest them to you after we where done, but lets run them now.

1.
You can use the links in my signature to download, install and run this excellent program.
AD-AWARE SE PERSONAL 1.05

No need to uninstall an older version as it will do it for you upon installing the newer version.

* During installation, follow all the defaults.
* Start the program and CHECK FOR UPDATES
* Choose PERFORM FULL SYSTEM SCAN
* Take the checkmark out of SEARCH FOR NEGLIGIBLE RISK FILES
* Run the scan
* When it is done, RIGHT CLICK ON ONE OF THE ENTRIES/ SELECT ALL/ NEXT and let it remove all that if finds.


2. Download and install Ewido security suite.
Ewido Security Suite
* Launch Ewido, there should be an icon on your desktop for it to double-click.
o Click on update
o You should see Update Complete when done.
o Now close out the program


Now reboot into Safemode
To Enter SAFEMODE

* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.

3. Download the trial version of Spy Sweeper from
Here
Download the 14 day Free Trial - Not the online scan.
Install it using the Standard Install option. (You will be asked for your e-mail address,
it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C.
Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer.

Run HJT Scan Only and remove these lines, look them over and there your option to remove them.

This line is questionable, if you remove it and you still need it, we can always put it back.

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll


http://castlecops.co...plist-9746.html
Read this and make your choice, it won't prevent Real Player from working but this is a very big resouce hog.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Dan,
Copy and paste the logs from Ewido, Spysweeper and a new HJT log. If I don't see anything earth shattering in any of the reports, I am going to direct you to some excellent Windows Tech support sites that deal with this type of issue.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 Daniel Boone

Daniel Boone

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 08 December 2005 - 07:43 PM

Thanks Ken,

You're performing a valuable public service here.
Even the tech guys at my office don't know what to do with
this problem, so I'm at a loss.

I found a lot of junk using those programs.
However, the end result is more or less the same.
I can't load certain websites: hotmail and google groups, for example
and the performance of the browser in general, is as if it has an anvil around its neck.

Here are the logs from HJT and the other programs.

For reference, the programs I've tried now include

Norton Anti-Virus
Adaware SE
Spyware Search & Destroy
Ewido
carp** Cleaner
CWShredder
ADSSpy
Spysweeper
Hijack This
Hoster
bugoff
unhackdef
rootkitrevealer

Do you have a regime you recommend?
Should I run all of these every week or what?

Or maybe I should just shell out $2,500 for a Mac?

Things seem pretty dire...

logs:

Logfile of HijackThis v1.99.1
Scan saved at 7:34:32 PM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HIJACKTHIS\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety....lscbase2213.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133223452171
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:52:21 PM, 12/6/2005
+ Report-Checksum: 534C6997

+ Scan result:

:mozilla.16:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r98ghre6.default\cookies.txt -> Spyware.Cookie.7search : Cleaned with backup
:mozilla.17:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r98ghre6.default\cookies.txt -> Spyware.Cookie.7search : Cleaned with backup
:mozilla.18:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r98ghre6.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.22:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r98ghre6.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r98ghre6.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.7:C:\Documents and Settings\kids\Application Data\Mozilla\Firefox\Profiles\0sjbyq0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.8:C:\Documents and Settings\kids\Application Data\Mozilla\Firefox\Profiles\0sjbyq0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.10:C:\Documents and Settings\kids\Application Data\Mozilla\Firefox\Profiles\0sjbyq0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.11:C:\Documents and Settings\kids\Application Data\Mozilla\Firefox\Profiles\0sjbyq0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.12:C:\Documents and Settings\kids\Application Data\Mozilla\Firefox\Profiles\0sjbyq0s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\kids\Application Data\Mozilla\Firefox\Profiles\0sjbyq0s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\kids\Application Data\Mozilla\Firefox\Profiles\0sjbyq0s.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.15:C:\Documents and Settings\kids\Application Data\Mozilla\Firefox\Profiles\0sjbyq0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\kids\Application Data\Mozilla\Firefox\Profiles\0sjbyq0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\kids\Cookies\kids@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\1k0pq8xe.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
F:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\GDAZCH6J\popup[1].js -> Spyware.BookedSpace : Cleaned with backup
:mozilla.12:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.13:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.14:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.15:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.19:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.20:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.21:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.22:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.23:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.24:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.25:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.26:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.27:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.28:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.29:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.30:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.31:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.32:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.33:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.34:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.58:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.59:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.69:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.80:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.88:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.89:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.106:F:\WINDOWS\TEMP\~DFB5CF.TMP -> Spyware.Cookie.Mediaplex : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@news.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
F:\WINDOWS\Cookies\dmb3h@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@track-star[1].txt -> Spyware.Cookie.Track-star : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@imgserv.adbutler[1].txt -> Spyware.Cookie.Adbutler : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@ads.trafficvenue[1].txt -> Spyware.Cookie.Trafficvenue : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
F:\WINDOWS\Cookies\anyuser@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.12:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.13:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.14:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.15:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.19:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.20:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.21:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.22:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.23:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.24:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.25:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.26:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.27:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.28:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.29:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.30:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.31:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.32:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.33:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.34:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.58:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.59:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.69:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.80:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.88:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.89:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.106:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.110:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.111:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.112:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.113:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.114:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.115:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.116:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.117:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.118:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.119:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.126:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.127:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.128:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.136:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.154:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.160:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.161:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.174:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.184:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.185:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.193:F:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xjed5s8i.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup


::Report End


********
9:15 PM: | Start of Session, Tuesday, December 06, 2005 |
9:15 PM: Spy Sweeper started
9:15 PM: Sweep initiated using definitions version 556
9:15 PM: Starting Memory Sweep
9:17 PM: Memory Sweep Complete, Elapsed Time: 00:02:39
9:17 PM: Starting Registry Sweep
9:18 PM: Registry Sweep Complete, Elapsed Time:00:00:34
9:18 PM: Starting Cookie Sweep
9:18 PM: Found Spy Cookie: atwola cookie
9:18 PM: kids@atwola[1].txt (ID = 2255)
9:18 PM: Found Spy Cookie: centrport net cookie
9:18 PM: hp_owner@centrport[1].txt (ID = 2374)
9:18 PM: Found Spy Cookie: rn11 cookie
9:18 PM: hp_owner@rn11[2].txt (ID = 3261)
9:18 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:18 PM: Starting File Sweep
9:55 PM: Warning: Invalid file - not a PKZip file
9:55 PM: Warning: Invalid file - not a PKZip file
9:57 PM: File Sweep Complete, Elapsed Time: 00:38:36
9:57 PM: Full Sweep has completed. Elapsed time 00:42:00
9:57 PM: Traces Found: 3
10:49 PM: Removal process initiated
10:49 PM: Quarantining All Traces: atwola cookie
10:49 PM: Quarantining All Traces: centrport net cookie
10:49 PM: Quarantining All Traces: rn11 cookie
10:49 PM: Removal process completed. Elapsed time 00:00:11
********
9:12 PM: | Start of Session, Tuesday, December 06, 2005 |
9:12 PM: Spy Sweeper started
9:13 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
9:15 PM: | End of Session, Tuesday, December 06, 2005 |

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 December 2005 - 08:18 PM

Daniel,

The Ewido and Spysweeper logs don't show anything out of the ordinary, they just cleaned the run of the mill cookies and such. Your log looks ok, nothing bad on it that I can see.

Why don't you copy and paste your Hosts file into this thread and let me take a peek at it.
Open HJT and go to Misc. Tools > Hosts File Manager and Open it in Notepad.

The programs you have are all fine, just keep them updated and run a scan about once aweek.

In the meantime, here is a couple of fixes for IE

Repair Internet Explorer 6

A number of XP users have reported situations with Internet Explorer 6 becoming corrupted and reporting a number of different errors. While there is certainly no guarantee, the two procedures listed below have restored functionality to IE6 for many users experiencing problems.

Note: Both methods listed require that the Microsoft Windows XP CD-ROM be available.

Method 1: Microsoft Internet Explorer 6.x Repair for Windows XP

* From the Start menu, select Run.
* In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
* Select the OK button.
* Follow the prompts throughout the System File Checker process.
* Reboot the computer when System File Checker completes.

Method 2: Microsoft Internet Explorer 6.x Repair for Windows XP

* From the Start menu, select Search, select All Files and Folders.
* Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.
* Ensure that Search System Folders and Search Subfolders are also checked.
* In the All or Part of the File Name box, type ie.inf
* In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.
* Click the Search button.
* In the search results pane, find the ie.inf file located in Windows\Inf folder.
* Right click the ie.inf file and click Install on the context menu.
* Reboot the computer when the file copy process is complete.


Ken :D

Edited by ken545, 08 December 2005 - 08:27 PM.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 Daniel Boone

Daniel Boone

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 08 December 2005 - 08:59 PM

Hi Ken Well, I like Firefox too, with the exception of the many pages on the web that don't work right, presumably because the page designer can't be bothered making the page work outside of IE. Anyway, I get the same problem with Firefox. The HOSTS file (below) is pretty tame at this point, containing only lines put in there by Spysweeper. The lmhosts file is nothing but blank lines. I'll try the IE fixes you outlined. Thanks for those. Since the problem is there on Firefox as well, I'm doubtful that's going to fix things. Thanks again Dan # Copyright © 1993-1999 Microsoft Corp. # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # For example: # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost 127.0.0.1 1.httpdads.com #SpySweeperCASS 127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS 127.0.0.1 a.mktw.net #SpySweeperCASS 127.0.0.1 a.tribalfusion.com #SpySweeperCASS 127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS 127.0.0.1 a3.suntimes.com #SpySweeperCASS 127.0.0.1 actionsplash.com #SpySweeperCASS 127.0.0.1 ad.abcnews.com #SpySweeperCASS 127.0.0.1 ad.adsmart.net #SpySweeperCASS 127.0.0.1 ad.adtraq.com #SpySweeperCASS 127.0.0.1 ad.atlas.cz #SpySweeperCASS 127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.blm.net #SpySweeperCASS 127.0.0.1 ad.ca.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.ch.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.de.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.dogpile.com #SpySweeperCASS 127.0.0.1 ad.doubleclick.com #SpySweeperCASS 127.0.0.1 ad.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.fr.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.harmony-central.com #SpySweeperCASS 127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS 127.0.0.1 ad.howstuffworks.com #SpySweeperCASS 127.0.0.1 ad.img.yahoo.co.kr #SpySweeperCASS 127.0.0.1 ad.infoseek.com #SpySweeperCASS 127.0.0.1 ad.iwin.com #SpySweeperCASS 127.0.0.1 ad.jp.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.kimo.com.tw #SpySweeperCASS 127.0.0.1 ad.linkexchange.com #SpySweeperCASS 127.0.0.1 ad.linksynergy.com #SpySweeperCASS 127.0.0.1 ad.moscowtimes.ru #SpySweeperCASS 127.0.0.1 ad.net-service.de #SpySweeperCASS 127.0.0.1 ad.nl.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.no.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.openfind.com.tw #SpySweeperCASS 127.0.0.1 ad.preferances.com #SpySweeperCASS 127.0.0.1 ad.preferences.com #SpySweeperCASS 127.0.0.1 ad.sales.olympics.com #SpySweeperCASS 127.0.0.1 ad.se.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.sg.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.sma.punto.net #SpySweeperCASS 127.0.0.1 ad.tomshardware.com #SpySweeperCASS 127.0.0.1 ad.trafficmp.com #SpySweeperCASS 127.0.0.1 ad.uk.doubleclick.net #SpySweeperCASS 127.0.0.1 ad.usatoday.com #SpySweeperCASS 127.0.0.1 ad.vol.at #SpySweeperCASS 127.0.0.1 ad.washingtonpost.com #SpySweeperCASS 127.0.0.1 ad.webprovider.com #SpySweeperCASS 127.0.0.1 ad01.mediacorpsingapore.com #SpySweeperCASS 127.0.0.1 ad08.focalink.com #SpySweeperCASS 127.0.0.1 ad1.aaddzz.com #SpySweeperCASS 127.0.0.1 ad1.peel.comwww.xbn.ru #SpySweeperCASS 127.0.0.1 ad10.doubleclick.net #SpySweeperCASS 127.0.0.1 ad11.doubleclick.net #SpySweeperCASS 127.0.0.1 ad12.doubleclick.net #SpySweeperCASS 127.0.0.1 ad13.doubleclick.net #SpySweeperCASS 127.0.0.1 ad14.doubleclick.net #SpySweeperCASS 127.0.0.1 ad15.doubleclick.net #SpySweeperCASS 127.0.0.1 ad16.doubleclick.net #SpySweeperCASS 127.0.0.1 ad17.doubleclick.net #SpySweeperCASS 127.0.0.1 ad18.doubleclick.net #SpySweeperCASS 127.0.0.1 ad19.doubleclick.net #SpySweeperCASS 127.0.0.1 ad2.adcept.net #SpySweeperCASS 127.0.0.1 ad2.doubleclick.net #SpySweeperCASS 127.0.0.1 ad2.peel.com #SpySweeperCASS 127.0.0.1 ad20.doubleclick.net #SpySweeperCASS 127.0.0.1 ad3.doubleclick.net #SpySweeperCASS 127.0.0.1 ad3.peel.com #SpySweeperCASS 127.0.0.1 ad4.doubleclick.net #SpySweeperCASS 127.0.0.1 ad5.doubleclick.net #SpySweeperCASS 127.0.0.1 ad6.doubleclick.net #SpySweeperCASS 127.0.0.1 ad7.doubleclick.net #SpySweeperCASS 127.0.0.1 ad7.internetadserver.com #SpySweeperCASS 127.0.0.1 ad8.doubleclick.net #SpySweeperCASS 127.0.0.1 ad9.doubleclick.net #SpySweeperCASS 127.0.0.1 ad-adex3.flycast.com #SpySweeperCASS 127.0.0.1 adbanner.sweepsclub.com #SpySweeperCASS 127.0.0.1 adbot.com #SpySweeperCASS 127.0.0.1 adbureau.net #SpySweeperCASS 127.0.0.1 adcodes.bla-bla.com #SpySweeperCASS 127.0.0.1 adcontent.gamespy.com #SpySweeperCASS 127.0.0.1 adcontroller.unicast.com #SpySweeperCASS 127.0.0.1 adcount.hollywood.com #SpySweeperCASS 127.0.0.1 adcreative.tribuneinteractive.com #SpySweeperCASS 127.0.0.1 adcreatives.imaginemedia.com #SpySweeperCASS 127.0.0.1 add.yaho.com #SpySweeperCASS 127.0.0.1 adengine.theglobe.com #SpySweeperCASS 127.0.0.1 adex3.flycast.com #SpySweeperCASS 127.0.0.1 adfarm.mediaplex.com #SpySweeperCASS 127.0.0.1 adforce.ads.imgis.com #SpySweeperCASS 127.0.0.1 adforce.adtech.de #SpySweeperCASS 127.0.0.1 adforce.imgis.com #SpySweeperCASS 127.0.0.1 adfu.blockstackers.com #SpySweeperCASS 127.0.0.1 adi.mainichi.co.jp #SpySweeperCASS 127.0.0.1 adimage.asia1.com.sg #SpySweeperCASS 127.0.0.1 adimage.asiaone.com.sg #SpySweeperCASS 127.0.0.1 adimage.bankrate.com #SpySweeperCASS 127.0.0.1 adimage.blm.net #SpySweeperCASS 127.0.0.1 adimages.earthweb.com #SpySweeperCASS 127.0.0.1 adimages.go.com #SpySweeperCASS 127.0.0.1 adimg.com.com #SpySweeperCASS 127.0.0.1 adimg.egroups.com #SpySweeperCASS 127.0.0.1 adimg1.chosun.com #SpySweeperCASS 127.0.0.1 adlink.deh.de #SpySweeperCASS 127.0.0.1 adlog.com.com #SpySweeperCASS 127.0.0.1 adlui001.adlink.de #SpySweeperCASS 127.0.0.1 admedia.xoom.com #SpySweeperCASS 127.0.0.1 adng.ascii24.com #SpySweeperCASS 127.0.0.1 adpick.switchboard.com #SpySweeperCASS 127.0.0.1 adpop.theglobe.com #SpySweeperCASS 127.0.0.1 adpulse.ads.targetnet.com #SpySweeperCASS 127.0.0.1 adremote.pathfinder.com #SpySweeperCASS 127.0.0.1 ads*.focalink.com #SpySweeperCASS 127.0.0.1 ads.1for1.com #SpySweeperCASS 127.0.0.1 ads.adflight.com #SpySweeperCASS 127.0.0.1 ads.ad-flow.com #SpySweeperCASS 127.0.0.1 ads.admaximize.com #SpySweeperCASS 127.0.0.1 ads.admonitor.net #SpySweeperCASS 127.0.0.1 ads.adtegrity.net #SpySweeperCASS 127.0.0.1 ads.advance.net #SpySweeperCASS 127.0.0.1 ads.adviva.net #SpySweeperCASS 127.0.0.1 ads.amazingmedia.com #SpySweeperCASS 127.0.0.1 ads.as4x.tmcs.net #SpySweeperCASS 127.0.0.1 ads.astalavista.us #SpySweeperCASS 127.0.0.1 ads.belointeractive.com #SpySweeperCASS 127.0.0.1 ads.bfast.com #SpySweeperCASS 127.0.0.1 ads.bianca.com #SpySweeperCASS 127.0.0.1 ads.bigcitytools.com #SpySweeperCASS 127.0.0.1 ads.bitsonthewire.com #SpySweeperCASS 127.0.0.1 ads.bloomberg.com #SpySweeperCASS 127.0.0.1 ads.cashsurfers.com #SpySweeperCASS 127.0.0.1 ads.cbc.ca #SpySweeperCASS 127.0.0.1 ads.centralohio.com #SpySweeperCASS 127.0.0.1 ads.clearbluemedia.com #SpySweeperCASS 127.0.0.1 ads.clearchannel.com #SpySweeperCASS 127.0.0.1 ads.clickagents.com #SpySweeperCASS 127.0.0.1 ads.clickhouse.com #SpySweeperCASS 127.0.0.1 ads.colo.kiva.net #SpySweeperCASS 127.0.0.1 ads.columbian.com #SpySweeperCASS 127.0.0.1 ads.courierpostonline.com #SpySweeperCASS 127.0.0.1 ads.criticalmass.com #SpySweeperCASS 127.0.0.1 ads.csi.emcweb.com #SpySweeperCASS 127.0.0.1 ads.currantbun.com #SpySweeperCASS 127.0.0.1 ads.dai.net #SpySweeperCASS 127.0.0.1 ads.democratandchronicle.com #SpySweeperCASS 127.0.0.1 ads.desmoinesregister.com #SpySweeperCASS 127.0.0.1 ads.detelefoongids.nl #SpySweeperCASS 127.0.0.1 ads.developershed.com #SpySweeperCASS 127.0.0.1 ads.devx.com #SpySweeperCASS 127.0.0.1 ads.digitalmedianet.com #SpySweeperCASS 127.0.0.1 ads.discovery.com #SpySweeperCASS 127.0.0.1 ads.doubleclick.com #SpySweeperCASS 127.0.0.1 ads.doubleclick.net #SpySweeperCASS 127.0.0.1 ads.ecircles.com #SpySweeperCASS 127.0.0.1 ads.enliven.com #SpySweeperCASS 127.0.0.1 ads.erotism.com #SpySweeperCASS 127.0.0.1 ads.eu.msn.com #SpySweeperCASS 127.0.0.1 ads.exhedra.com #SpySweeperCASS 127.0.0.1 ads.fairfax.com.au #SpySweeperCASS 127.0.0.1 ads.filez.com #SpySweeperCASS 127.0.0.1 ads.floridatoday.com #SpySweeperCASS 127.0.0.1 ads.fool.com #SpySweeperCASS 127.0.0.1 ads.forbes.com #SpySweeperCASS 127.0.0.1 ads.forbes.net #SpySweeperCASS 127.0.0.1 ads.fortunecity.com #SpySweeperCASS 127.0.0.1 ads.fredericksburg.com #SpySweeperCASS 127.0.0.1 ads.freshmeat.net #SpySweeperCASS 127.0.0.1 ads.gameanswers.com #SpySweeperCASS 127.0.0.1 ads.gamespy.com #SpySweeperCASS 127.0.0.1 ads.globeandmail.com #SpySweeperCASS 127.0.0.1 ads.god.co.uk #SpySweeperCASS 127.0.0.1 ads.granadamedia.com #SpySweeperCASS 127.0.0.1 ads.greensboro.com #SpySweeperCASS 127.0.0.1 ads.guardian.co.uk #SpySweeperCASS 127.0.0.1 ads.guardianunlimited.co.uk #SpySweeperCASS 127.0.0.1 ads.hitcents.com #SpySweeperCASS 127.0.0.1 ads.hollywood.com #SpySweeperCASS 127.0.0.1 ads.hyperbanner.net #SpySweeperCASS 127.0.0.1 ads.i33.com #SpySweeperCASS 127.0.0.1 ads.iafrica.com #SpySweeperCASS 127.0.0.1 ads.iambic.com #SpySweeperCASS 127.0.0.1 ads.icq.com #SpySweeperCASS 127.0.0.1 ads.ign.com #SpySweeperCASS 127.0.0.1 ads.imagine-inc.com #SpySweeperCASS 127.0.0.1 ads.imdb.com #SpySweeperCASS 127.0.0.1 ads.infi.net #SpySweeperCASS 127.0.0.1 ads.infospace.com #SpySweeperCASS 127.0.0.1 ads.iwon.com #SpySweeperCASS 127.0.0.1 ads.jacksonsun.com #SpySweeperCASS 127.0.0.1 ads.jpost.com #SpySweeperCASS 127.0.0.1 ads.jwtt3.com #SpySweeperCASS 127.0.0.1 ads.link4ads.com #SpySweeperCASS 127.0.0.1 ads.list-universe.com #SpySweeperCASS 127.0.0.1 ads.live365.com #SpySweeperCASS 127.0.0.1 ads.lycos.com #SpySweeperCASS 127.0.0.1 ads.madison.com #SpySweeperCASS 127.0.0.1 ads.mcafee.com #SpySweeperCASS 127.0.0.1 ads.mdchoice.com #SpySweeperCASS 127.0.0.1 ads.mediadevil.com #SpySweeperCASS 127.0.0.1 ads.mediaodyssey.com #SpySweeperCASS 127.0.0.1 ads.mediaturf.net #SpySweeperCASS 127.0.0.1 ads.mh5.com #SpySweeperCASS 127.0.0.1 ads.mirrormedia.co.uk #SpySweeperCASS 127.0.0.1 ads.msn.com #SpySweeperCASS 127.0.0.1 ads.msn-ppe.com #SpySweeperCASS 127.0.0.1 ads.musiccity.com #SpySweeperCASS 127.0.0.1 ads.mysimon.com #SpySweeperCASS 127.0.0.1 ads.nandomedia.com #SpySweeperCASS 127.0.0.1 ads.narrowline.com #SpySweeperCASS 127.0.0.1 ads.nerve.com #SpySweeperCASS 127.0.0.1 ads.netmechanic.com #SpySweeperCASS 127.0.0.1 ads.newcity.com #SpySweeperCASS 127.0.0.1 ads.newcitynet.com #SpySweeperCASS 127.0.0.1 ads.newsdigital.net #SpySweeperCASS 127.0.0.1 ads.newsint.co.uk #SpySweeperCASS 127.0.0.1 ads.newsquest.co.uk #SpySweeperCASS 127.0.0.1 ads.newtimes.com #SpySweeperCASS 127.0.0.1 ads.ninemsn.com.au #SpySweeperCASS 127.0.0.1 ads.northjersey.com #SpySweeperCASS 127.0.0.1 ads.nwsource.com #SpySweeperCASS 127.0.0.1 ads.nyi.net #SpySweeperCASS 127.0.0.1 ads.nypost.com #SpySweeperCASS 127.0.0.1 ads.nytimes.com #SpySweeperCASS 127.0.0.1 ads.ole.com #SpySweeperCASS 127.0.0.1 ads.paxnet.co.kr #SpySweeperCASS 127.0.0.1 ads.paxnet.com #SpySweeperCASS 127.0.0.1 ads.peel.com #SpySweeperCASS 127.0.0.1 ads.pennyweb.com #SpySweeperCASS 127.0.0.1 ads.premiumnetwork.com #SpySweeperCASS 127.0.0.1 ads.realcities.com #SpySweeperCASS 127.0.0.1 ads.realmedia.com #SpySweeperCASS 127.0.0.1 ads.rottentomatoes.com #SpySweeperCASS 127.0.0.1 ads.scifi.com #SpySweeperCASS 127.0.0.1 ads.seattletimes.com #SpySweeperCASS 127.0.0.1 ads.smartclicks.com #SpySweeperCASS 127.0.0.1 ads.smartclicks.net #SpySweeperCASS 127.0.0.1 ads.snowball.com #SpySweeperCASS 127.0.0.1 ads.specificpop.com #SpySweeperCASS 127.0.0.1 ads.sptimes.com #SpySweeperCASS 127.0.0.1 ads.starnews.com #SpySweeperCASS 127.0.0.1 ads.statesmanjournal.com #SpySweeperCASS 127.0.0.1 ads.stileproject.com #SpySweeperCASS 127.0.0.1 ads.switchboard.com #SpySweeperCASS 127.0.0.1 ads.telegraph.co.uk #SpySweeperCASS 127.0.0.1 ads.themes.org #SpySweeperCASS 127.0.0.1 ads.theolympian.com #SpySweeperCASS 127.0.0.1 ads.thestar.com #SpySweeperCASS 127.0.0.1 ads.tmcs.net #SpySweeperCASS 127.0.0.1 ads.tripod.com #SpySweeperCASS 127.0.0.1 ads.tucows.com #SpySweeperCASS 127.0.0.1 ads.ugo.com #SpySweeperCASS 127.0.0.1 ads.usatoday.com #SpySweeperCASS 127.0.0.1 ads.viaarena.com #SpySweeperCASS 127.0.0.1 ads.videoaxs.com #SpySweeperCASS 127.0.0.1 ads.vnuemedia.com #SpySweeperCASS 127.0.0.1 ads.washingtonpost.com #SpySweeperCASS 127.0.0.1 ads.web.aol.com #SpySweeperCASS 127.0.0.1 ads.web.de #SpySweeperCASS 127.0.0.1 ads.web21.com #SpySweeperCASS 127.0.0.1 ads.webcash.nl #SpySweeperCASS 127.0.0.1 ads.wnd.com #SpySweeperCASS 127.0.0.1 ads.x10.com #SpySweeperCASS 127.0.0.1 ads.xtra.co.nz #SpySweeperCASS 127.0.0.1 ads.zdnet.com #SpySweeperCASS 127.0.0.1 ads01.focalink.com #SpySweeperCASS 127.0.0.1 ads02.focalink.com #SpySweeperCASS 127.0.0.1 ads03.focalink.com #SpySweeperCASS 127.0.0.1 ads-03.tor.focusin.ads.targetnet.com #SpySweeperCASS 127.0.0.1 ads04.focalink.com #SpySweeperCASS 127.0.0.1 ads05.focalink.com #SpySweeperCASS 127.0.0.1 ads06.focalink.com #SpySweeperCASS 127.0.0.1 ads08.focalink.com #SpySweeperCASS 127.0.0.1 ads09.focalink.com #SpySweeperCASS 127.0.0.1 ads1.activeagent.at #SpySweeperCASS 127.0.0.1 ads1.ad-flow.com #SpySweeperCASS 127.0.0.1 ads1.advance.net #SpySweeperCASS 127.0.0.1 ads1.condenet.com #SpySweeperCASS 127.0.0.1 ads1.intelliads.com #SpySweeperCASS 127.0.0.1 ads1.sptimes.com #SpySweeperCASS 127.0.0.1 ads10.focalink.com #SpySweeperCASS 127.0.0.1 ads11.focalink.com #SpySweeperCASS 127.0.0.1 ads12.focalink.com #SpySweeperCASS 127.0.0.1 ads13.focalink.com #SpySweeperCASS 127.0.0.1 ads14.focalink.com #SpySweeperCASS 127.0.0.1 ads15.focalink.com #SpySweeperCASS 127.0.0.1 ads16.focalink.com #SpySweeperCASS 127.0.0.1 ads17.focalink.com #SpySweeperCASS 127.0.0.1 ads18.bpath.com #SpySweeperCASS 127.0.0.1 ads18.focalink.com #SpySweeperCASS 127.0.0.1 ads19.focalink.com #SpySweeperCASS 127.0.0.1 ads2.advance.net #SpySweeperCASS 127.0.0.1 ads2.clearchannel.com #SpySweeperCASS 127.0.0.1 ads2.condenet.com #SpySweeperCASS 127.0.0.1 ads2.zdnet.com #SpySweeperCASS 127.0.0.1 ads20.focalink.com #SpySweeperCASS 127.0.0.1 ads21.focalink.com #SpySweeperCASS 127.0.0.1 ads22.focalink.com #SpySweeperCASS 127.0.0.1 ads23.focalink.com #SpySweeperCASS 127.0.0.1 ads24.focalink.com #SpySweeperCASS 127.0.0.1 ads25.focalink.com #SpySweeperCASS 127.0.0.1 ads3.advance.net #SpySweeperCASS 127.0.0.1 ads3.zdnet.com #SpySweeperCASS 127.0.0.1 ads4.advance.net #SpySweeperCASS 127.0.0.1 ads4.clearchannel.com #SpySweeperCASS 127.0.0.1 ads4.condenet.com #SpySweeperCASS 127.0.0.1 ads5.advance.net #SpySweeperCASS 127.0.0.1 ads5.canoe.ca #SpySweeperCASS 127.0.0.1 ads5.gamecity.net #SpySweeperCASS 127.0.0.1 ads7.advance.net #SpySweeperCASS 127.0.0.1 ads7.udc.advance.net #SpySweeperCASS 127.0.0.1 ads-b.focalink.com #SpySweeperCASS 127.0.0.1 adserv.iafrica.com #SpySweeperCASS 127.0.0.1 adserv.internetfuel.com #SpySweeperCASS 127.0.0.1 adserv.newcentury.net #SpySweeperCASS 127.0.0.1 adserv.quality-channel.de #SpySweeperCASS 127.0.0.1 adservant.guj.de #SpySweeperCASS 127.0.0.1 adservant.mediapoint.de #SpySweeperCASS 127.0.0.1 adserver.ads360.com #SpySweeperCASS 127.0.0.1 adserver.anm.co.uk #SpySweeperCASS 127.0.0.1 adserver.bizland-inc.net #SpySweeperCASS 127.0.0.1 adserver.colleges.com #SpySweeperCASS 127.0.0.1 adserver.dbusiness.com #SpySweeperCASS 127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS 127.0.0.1 adserver.garden.com #SpySweeperCASS 127.0.0.1 adserver.hispavista.com #SpySweeperCASS 127.0.0.1 adserver.ign.com #SpySweeperCASS 127.0.0.1 adserver.janes.com #SpySweeperCASS 127.0.0.1 adserver.matchcraft.com #SpySweeperCASS 127.0.0.1 adserver.merc.com #SpySweeperCASS 127.0.0.1 adserver.monster.com #SpySweeperCASS 127.0.0.1 adserver.netcast.nl #SpySweeperCASS 127.0.0.1 adserver.news.com.au #SpySweeperCASS 127.0.0.1 adserver.nydailynews.com #SpySweeperCASS 127.0.0.1 adserver.phillyburbs.com #SpySweeperCASS 127.0.0.1 adserver.pollstar.com #SpySweeperCASS 127.0.0.1 adserver.securityfocus.com #SpySweeperCASS 127.0.0.1 adserver.snowball.com #SpySweeperCASS 127.0.0.1 adserver.track-star.com #SpySweeperCASS 127.0.0.1 adserver.trb.com #SpySweeperCASS 127.0.0.1 adserver.tribuneinteractive.com #SpySweeperCASS 127.0.0.1 adserver.ugo.com #SpySweeperCASS 127.0.0.1 adserver.ukplus.co.uk #SpySweeperCASS 127.0.0.1 adserver.webads.com #SpySweeperCASS 127.0.0.1 adserver.webads.nl #SpySweeperCASS 127.0.0.1 adserver1.ogilvy-interactive.de #SpySweeperCASS 127.0.0.1 adserver1.realtracker.com #SpySweeperCASS 127.0.0.1 adserver2.realtracker.com #SpySweeperCASS 127.0.0.1 adserver3.realtracker.com #SpySweeperCASS 127.0.0.1 adserver-espnet.sportszone.com #SpySweeperCASS 127.0.0.1 adsrv.bankrate.com #SpySweeperCASS 127.0.0.1 adsrv.iol.co.za #SpySweeperCASS 127.0.0.1 adsrv2.gainesvillesun.com #SpySweeperCASS 127.0.0.1 adtegrity.spinbox.net #SpySweeperCASS 127.0.0.1 adtegrity.thruport.com #SpySweeperCASS 127.0.0.1 adthru.com #SpySweeperCASS 127.0.0.1 ad-up.com #SpySweeperCASS 127.0.0.1 adverity.adverity.com #SpySweeperCASS 127.0.0.1 advert.bayarea.com #SpySweeperCASS 127.0.0.1 advert.heise.de #SpySweeperCASS 127.0.0.1 affiliate.doteasy.com #SpySweeperCASS 127.0.0.1 akaads-abc.starwave.com #SpySweeperCASS 127.0.0.1 altfarm.mediaplex.com #SpySweeperCASS 127.0.0.1 amch.questionmarket.com #SpySweeperCASS 127.0.0.1 amedia.techies.com #SpySweeperCASS 127.0.0.1 antfarm-ad.flycast.com #SpySweeperCASS 127.0.0.1 ar.atwola.com #SpySweeperCASS 127.0.0.1 arc1.msn.com #SpySweeperCASS 127.0.0.1 arc2.msn.com #SpySweeperCASS 127.0.0.1 arc3.msn.com #SpySweeperCASS 127.0.0.1 arc4.msn.com #SpySweeperCASS 127.0.0.1 arc5.msn.com #SpySweeperCASS 127.0.0.1 askmen.thruport.com #SpySweeperCASS 127.0.0.1 au.ads.link4ads.com #SpySweeperCASS 127.0.0.1 banner.adlink.de #SpySweeperCASS 127.0.0.1 banner.coza.com #SpySweeperCASS 127.0.0.1 banner.easyspace.com #SpySweeperCASS 127.0.0.1 banner.linkexchange.com #SpySweeperCASS 127.0.0.1 banner.media-system.de #SpySweeperCASS 127.0.0.1 banner.northsky.com #SpySweeperCASS 127.0.0.1 banner.orb.net #SpySweeperCASS 127.0.0.1 banner.relcom.ru #SpySweeperCASS 127.0.0.1 banner.rootsweb.com #SpySweeperCASS 127.0.0.1 banner1.adlink.de #SpySweeperCASS 127.0.0.1 bannerads.anytimenews.com #SpySweeperCASS 127.0.0.1 banners.adultfriendfinder.com #SpySweeperCASS 127.0.0.1 banners.affiliatefuel.com #SpySweeperCASS 127.0.0.1 banners.babylon-x.com #SpySweeperCASS 127.0.0.1 banners.chek.com #SpySweeperCASS 127.0.0.1 banners.easydns.com #SpySweeperCASS 127.0.0.1 banners.friendfinder.com #SpySweeperCASS 127.0.0.1 banners.internetextra.com #SpySweeperCASS 127.0.0.1 banners.looksmart.com #SpySweeperCASS 127.0.0.1 banners.moviegoods.com #SpySweeperCASS 127.0.0.1 banners.nextcard.com #SpySweeperCASS 127.0.0.1 banners.revenuelink.com #SpySweeperCASS 127.0.0.1 banners.valuead.com #SpySweeperCASS 127.0.0.1 banners.wunderground.com #SpySweeperCASS 127.0.0.1 bannerswap.com #SpySweeperCASS 127.0.0.1 barnesandnoble.bfast.com #SpySweeperCASS 127.0.0.1 beseenad.looksmart.com #SpySweeperCASS 127.0.0.1 bidclix.net #SpySweeperCASS 127.0.0.1 bizad.nikkeibp.co.jp #SpySweeperCASS 127.0.0.1 bn.bfast.com #SpySweeperCASS 127.0.0.1 c1.zedo.com #SpySweeperCASS 127.0.0.1 c3.xxxcounter.com #SpySweeperCASS 127.0.0.1 ca.fp.sandpiper.net #SpySweeperCASS 127.0.0.1 califia.imaginemedia.com #SpySweeperCASS 127.0.0.1 campaigns.f2.com.au #SpySweeperCASS 127.0.0.1 cb.icq.com #SpySweeperCASS 127.0.0.1 cds.mediaplex.com #SpySweeperCASS 127.0.0.1 cf.icq.com #SpySweeperCASS 127.0.0.1 cgi.declicnet.com #SpySweeperCASS 127.0.0.1 classic.adlink.de #SpySweeperCASS 127.0.0.1 click.adlink.de #SpySweeperCASS 127.0.0.1 click.avenuea.com #SpySweeperCASS 127.0.0.1 click.go2net.com #SpySweeperCASS 127.0.0.1 click.linksynergy.com #SpySweeperCASS 127.0.0.1 click.mp3.com #SpySweeperCASS 127.0.0.1 clickit.go2net.com #SpySweeperCASS 127.0.0.1 clickserve.cc-dt.com #SpySweeperCASS 127.0.0.1 commonwealth.riddler.com #SpySweeperCASS 127.0.0.1 comtrack.comclick.com #SpySweeperCASS 127.0.0.1 connect.247media.ads.link4ads.com #SpySweeperCASS 127.0.0.1 cookies.cmpnet.com #SpySweeperCASS 127.0.0.1 coreg.flashtrack.net #SpySweeperCASS 127.0.0.1 cornflakes.pathfinder.com #SpySweeperCASS 127.0.0.1 counter.hitbox.com #SpySweeperCASS 127.0.0.1 creative.whi.co.nz #SpySweeperCASS 127.0.0.1 crux.songline.com #SpySweeperCASS 127.0.0.1 delivery1.ads.telegraaf.nl #SpySweeperCASS 127.0.0.1 desktop.kazaa.com #SpySweeperCASS 127.0.0.1 di.image.eshop.msn.com #SpySweeperCASS 127.0.0.1 dino.mainz.ibm.de #SpySweeperCASS 127.0.0.1 direct.adlink.de #SpySweeperCASS 127.0.0.1 doubleclick.net #SpySweeperCASS 127.0.0.1 ds.eyeblaster.com #SpySweeperCASS 127.0.0.1 ehg-bestbuy.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-dig.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-espn.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-intel.hitbox.com #SpySweeperCASS 127.0.0.1 ehg-macromedia.hitbox.com #SpySweeperCASS 127.0.0.1 engage.speedera.net #SpySweeperCASS 127.0.0.1 erie.smartage.com #SpySweeperCASS 127.0.0.1 etad.telegraph.co.uk #SpySweeperCASS 127.0.0.1 eur.yimg.com #SpySweeperCASS 127.0.0.1 fl01.ct2.comclick.com #SpySweeperCASS 127.0.0.1 focusin.ads.targetnet.com #SpySweeperCASS 127.0.0.1 fp.valueclick.com #SpySweeperCASS 127.0.0.1 ftp.nacorp.com #SpySweeperCASS 127.0.0.1 gadgeteer.pdamart.com #SpySweeperCASS 127.0.0.1 ganges.imagine-inc.com #SpySweeperCASS 127.0.0.1 garden.ngadcenter.net #SpySweeperCASS 127.0.0.1 geoads.osdn.com #SpySweeperCASS 127.0.0.1 global.msads.net #SpySweeperCASS 127.0.0.1 globaltrack.com #SpySweeperCASS 127.0.0.1 globaltrak.net #SpySweeperCASS 127.0.0.1 gm.preferences.com #SpySweeperCASS 127.0.0.1 gp.dejanews.com #SpySweeperCASS 127.0.0.1 hg1.hitbox.com #SpySweeperCASS 127.0.0.1 holland.hyperbanner.net #SpySweeperCASS 127.0.0.1 hurricane.adlink.de #SpySweeperCASS 127.0.0.1 i.timeinc.net #SpySweeperCASS 127.0.0.1 icover.realmedia.com #SpySweeperCASS 127.0.0.1 ieee-images.adbureau.net #SpySweeperCASS 127.0.0.1 im.800.com #SpySweeperCASS 127.0.0.1 image.click2net.com #SpySweeperCASS 127.0.0.1 image.eimg.com #SpySweeperCASS 127.0.0.1 image.imgfarm.com #SpySweeperCASS 127.0.0.1 images.ads.fairfax.com.au #SpySweeperCASS 127.0.0.1 images.bizrate.com #SpySweeperCASS 127.0.0.1 images.cybereps.com #SpySweeperCASS 127.0.0.1 images.fastclick.net #SpySweeperCASS 127.0.0.1 images.newsx.cc #SpySweeperCASS 127.0.0.1 images.scripps.com #SpySweeperCASS 127.0.0.1 images.trafficmp.com #SpySweeperCASS 127.0.0.1 images.webads.nl #SpySweeperCASS 127.0.0.1 images2.nytimes.com #SpySweeperCASS 127.0.0.1 imageserv.adtech.de #SpySweeperCASS 127.0.0.1 img.cmpnet.com #SpySweeperCASS 127.0.0.1 information.gopher.com #SpySweeperCASS 127.0.0.1 iv.doubleclick.net #SpySweeperCASS 127.0.0.1 java.yahoo.com #SpySweeperCASS 127.0.0.1 jobkeys.ngadcenter.net #SpySweeperCASS 127.0.0.1 js1.hitbox.com #SpySweeperCASS 127.0.0.1 k5ads.osdn.com #SpySweeperCASS 127.0.0.1 kansas.valueclick.com #SpySweeperCASS 127.0.0.1 kaplanindex.com #SpySweeperCASS 127.0.0.1 kr-adimage.lycos.co.kr #SpySweeperCASS 127.0.0.1 krd.realcities.com #SpySweeperCASS 127.0.0.1 leader.linkexchange.com #SpySweeperCASS 127.0.0.1 liquidad.narrowcastmedia.com #SpySweeperCASS 127.0.0.1 ln.doubleclick.net #SpySweeperCASS 127.0.0.1 m.doubleclick.net #SpySweeperCASS 127.0.0.1 m.tribalfusion.com #SpySweeperCASS 127.0.0.1 m2.doubleclick.net #SpySweeperCASS 127.0.0.1 macaddictads.snv.futurenet.com #SpySweeperCASS 127.0.0.1 marketing.nyi.net #SpySweeperCASS 127.0.0.1 maximumpcads.imaginemedia.com #SpySweeperCASS 127.0.0.1 mds.centrport.net #SpySweeperCASS 127.0.0.1 media.fastclick.net #SpySweeperCASS 127.0.0.1 media.popuptraffic.com #SpySweeperCASS 127.0.0.1 media.preferences.com #SpySweeperCASS 127.0.0.1 media13.fastclick.net #SpySweeperCASS 127.0.0.1 media15.fastclick.net #SpySweeperCASS 127.0.0.1 media17.fastclick.net #SpySweeperCASS 127.0.0.1 media19.fastclick.net #SpySweeperCASS 127.0.0.1 mediamgr.ugo.com #SpySweeperCASS 127.0.0.1 mercury.rmuk.co.uk #SpySweeperCASS 127.0.0.1 mjxads.internet.com #SpySweeperCASS 127.0.0.1 mojofarm.mediaplex.com #SpySweeperCASS 127.0.0.1 mojofarm.sjc.mediaplex.com #SpySweeperCASS 127.0.0.1 mt37.mtree.com #SpySweeperCASS 127.0.0.1 nbc.adbureau.net #SpySweeperCASS 127.0.0.1 neighborhood.standard.net #SpySweeperCASS 127.0.0.1 netcomm.spinbox.net #SpySweeperCASS 127.0.0.1 netshelter.adtrix.com #SpySweeperCASS 127.0.0.1 newads.cmpnet.com #SpySweeperCASS 127.0.0.1 ng3.ads.warnerbros.com #SpySweeperCASS 127.0.0.1 ngads.smartage.com #SpySweeperCASS 127.0.0.1 nrsite.com #SpySweeperCASS 127.0.0.1 nsads.hotwired.com #SpySweeperCASS 127.0.0.1 ntbanner.digitalriver.com #SpySweeperCASS 127.0.0.1 oas.dispatch.com #SpySweeperCASS 127.0.0.1 oas.lee.net #SpySweeperCASS 127.0.0.1 oas.mmd.ch #SpySweeperCASS 127.0.0.1 oas.uniontrib.com #SpySweeperCASS 127.0.0.1 oas.villagevoice.com #SpySweeperCASS 127.0.0.1 oasads.whitepages.com #SpySweeperCASS 127.0.0.1 ogilvy.ngadcenter.net #SpySweeperCASS 127.0.0.1 oz.valueclick.com #SpySweeperCASS 127.0.0.1 ph-ad05.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad06.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad07.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad16.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad17.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad18.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad19.focalink.com #SpySweeperCASS 127.0.0.1 ph-ad21.focalink.com #SpySweeperCASS 127.0.0.1 phoenix-adrunner.mycomputer.com #SpySweeperCASS 127.0.0.1 phpads2.cnpapers.com #SpySweeperCASS 127.0.0.1 pluto1.iserver.net #SpySweeperCASS 127.0.0.1 primetime.ad.asap-asp.net #SpySweeperCASS 127.0.0.1 pub-g.ifrance.com #SpySweeperCASS 127.0.0.1 pubs.mgn.net #SpySweeperCASS 127.0.0.1 q.pni.com #SpySweeperCASS 127.0.0.1 rad.msn.com #SpySweeperCASS 127.0.0.1 rd1.hitbox.com #SpySweeperCASS 127.0.0.1 realads.realmedia.com #SpySweeperCASS 127.0.0.1 realmedia-a800.d4p.net #SpySweeperCASS 127.0.0.1 redherring.ngadcenter.net #SpySweeperCASS 127.0.0.1 redirect.click2net.com #SpySweeperCASS 127.0.0.1 regio.adlink.de #SpySweeperCASS 127.0.0.1 reply.mediatris.net #SpySweeperCASS 127.0.0.1 responsemedia-ad.flycast.com #SpySweeperCASS 127.0.0.1 retaildirect.realmedia.com #SpySweeperCASS 127.0.0.1 rmads.msn.com #SpySweeperCASS 127.0.0.1 rmedia.boston.com #SpySweeperCASS 127.0.0.1 s0b.bluestreak.com #SpySweeperCASS 127.0.0.1 s2.focalink.com #SpySweeperCASS 127.0.0.1 sc.clicksupply.com #SpySweeperCASS 127.0.0.1 scand.adlink.de #SpySweeperCASS 127.0.0.1 secure.webconnect.net #SpySweeperCASS 127.0.0.1 servads.aip.org #SpySweeperCASS 127.0.0.1 serve.thisbanner.com #SpySweeperCASS 127.0.0.1 servedby.advertising.com #SpySweeperCASS 127.0.0.1 service.bfast.com #SpySweeperCASS 127.0.0.1 sfads.osdn.com #SpySweeperCASS 127.0.0.1 sg.yimg.com #SpySweeperCASS 127.0.0.1 sh4sure-images.adbureau.net #SpySweeperCASS 127.0.0.1 shop.kazaa.com #SpySweeperCASS 127.0.0.1 spd.atdmt.com #SpySweeperCASS 127.0.0.1 speed.pointroll.com #SpySweeperCASS 127.0.0.1 spin.spinbox.net #SpySweeperCASS 127.0.0.1 spinbox.maccentral.com #SpySweeperCASS 127.0.0.1 spinbox.techtracker.com #SpySweeperCASS 127.0.0.1 ss.mtree.com #SpySweeperCASS 127.0.0.1 static.admaximize.com #SpySweeperCASS 127.0.0.1 stats.adultrevenueservice.com #SpySweeperCASS 127.0.0.1 stats.superstats.com #SpySweeperCASS 127.0.0.1 suissa-ad.flycast.com #SpySweeperCASS 127.0.0.1 sview.avenuea.com #SpySweeperCASS 127.0.0.1 techreview-images.adbureau.net #SpySweeperCASS 127.0.0.1 thinknyc.eu-adcenter.net #SpySweeperCASS 127.0.0.1 ti.click2net.com #SpySweeperCASS 127.0.0.1 tmsads.tribune.com #SpySweeperCASS 127.0.0.1 toads.osdn.com #SpySweeperCASS 127.0.0.1 tracker.clicktrade.com #SpySweeperCASS 127.0.0.1 tsms-ad.tsms.com #SpySweeperCASS 127.0.0.1 ugo.eu-adcenter.net #SpySweeperCASS 127.0.0.1 us.a1.yimg.com #SpySweeperCASS 127.0.0.1 usbytecom.orbitcycle.com #SpySweeperCASS 127.0.0.1 utils.mediageneral.com #SpySweeperCASS 127.0.0.1 v0.extreme-dm.com #SpySweeperCASS 127.0.0.1 v1.extreme-dm.com #SpySweeperCASS 127.0.0.1 van.ads.link4ads.com #SpySweeperCASS 127.0.0.1 view.accendo.com #SpySweeperCASS 127.0.0.1 view.atdmt.com #SpySweeperCASS 127.0.0.1 view.avenuea.com #SpySweeperCASS 127.0.0.1 vnu.eu-adcenter.net #SpySweeperCASS 127.0.0.1 vpdc.ru4.com #SpySweeperCASS 127.0.0.1 w113.hitbox.com #SpySweeperCASS 127.0.0.1 w25.hitbox.com #SpySweeperCASS 127.0.0.1 wap.adlink.de #SpySweeperCASS 127.0.0.1 web2.deja.com #SpySweeperCASS 127.0.0.1 webad.ajeeb.com #SpySweeperCASS 127.0.0.1 webads.bizservers.com #SpySweeperCASS 127.0.0.1 webaffiliate.covad.com #SpySweeperCASS 127.0.0.1 west.adlink.de #SpySweeperCASS 127.0.0.1 wwa.hitbox.com #SpySweeperCASS 127.0.0.1 wwb.hitbox.com #SpySweeperCASS 127.0.0.1 www.24pm-affiliation.com #SpySweeperCASS 127.0.0.1 www.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www.ad4ex.com #SpySweeperCASS 127.0.0.1 www.ad-flow.com #SpySweeperCASS 127.0.0.1 www.adireland.com #SpySweeperCASS 127.0.0.1 www.admex.com #SpySweeperCASS 127.0.0.1 www.ad-up.com #SpySweeperCASS 127.0.0.1 www.alladvantage.com #SpySweeperCASS 127.0.0.1 www.avsads.com #SpySweeperCASS 127.0.0.1 www.b3d.com #SpySweeperCASS 127.0.0.1 www.banner2u.com #SpySweeperCASS 127.0.0.1 www.bannercampaign.com #SpySweeperCASS 127.0.0.1 www.banneroverdrive.com #SpySweeperCASS 127.0.0.1 www.blissnet.net #SpySweeperCASS 127.0.0.1 www.bonzi.com #SpySweeperCASS 127.0.0.1 www.brilliantdigital.com #SpySweeperCASS 127.0.0.1 www.burstnet.com #SpySweeperCASS 127.0.0.1 www.cibleclick.com #SpySweeperCASS 127.0.0.1 www.click-fr.com #SpySweeperCASS 127.0.0.1 www.commission-junction.com #SpySweeperCASS 127.0.0.1 www.consumerinfo.com #SpySweeperCASS 127.0.0.1 www.crisscross.com #SpySweeperCASS 127.0.0.1 www.cyberbounty.com #SpySweeperCASS 127.0.0.1 www.datais.com #SpySweeperCASS 127.0.0.1 www.digitalbettingcasinos.com #SpySweeperCASS 127.0.0.1 www.dnps.com #SpySweeperCASS 127.0.0.1 www.doubleclick.net #SpySweeperCASS 127.0.0.1 www.eads.com #SpySweeperCASS 127.0.0.1 www.exchange-it.com #SpySweeperCASS 127.0.0.1 www.fineclicks.com #SpySweeperCASS 127.0.0.1 www.freestats.com #SpySweeperCASS 127.0.0.1 www.imaginemedia.com #SpySweeperCASS 127.0.0.1 www.kaplanindex.com #SpySweeperCASS 127.0.0.1 www.linksynergy.com #SpySweeperCASS 127.0.0.1 www.nailitonline2.com #SpySweeperCASS 127.0.0.1 www.netdirect.nl #SpySweeperCASS 127.0.0.1 www.netflip.com #SpySweeperCASS 127.0.0.1 www.netsponsors.com #SpySweeperCASS 127.0.0.1 www.netvertising.be #SpySweeperCASS 127.0.0.1 www.nrsite.com #SpySweeperCASS 127.0.0.1 www.oneandonlynetwork.com #SpySweeperCASS 127.0.0.1 www.onresponse.com #SpySweeperCASS 127.0.0.1 www.postmasterbannernet.com #SpySweeperCASS 127.0.0.1 www.qksrv.net #SpySweeperCASS 127.0.0.1 www.speedyclick.com #SpySweeperCASS 127.0.0.1 www.targetshop.com #SpySweeperCASS 127.0.0.1 www.teknosurf2.com #SpySweeperCASS 127.0.0.1 www.teknosurf3.com #SpySweeperCASS 127.0.0.1 www.valueclick.com #SpySweeperCASS 127.0.0.1 www.webads.nl #SpySweeperCASS 127.0.0.1 www.websitefinancing.com #SpySweeperCASS 127.0.0.1 www10.valueclick.com #SpySweeperCASS 127.0.0.1 www15.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www2.burstnet.com #SpySweeperCASS 127.0.0.1 www2.newtopsites.com #SpySweeperCASS 127.0.0.1 www23.valueclick.com #SpySweeperCASS 127.0.0.1 www3.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www3.bannerspace.com #SpySweeperCASS 127.0.0.1 www3.pagecount.com #SpySweeperCASS 127.0.0.1 www4.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www4.trix.net #SpySweeperCASS 127.0.0.1 www6.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www75.valueclick.com #SpySweeperCASS 127.0.0.1 www8.ad.tomshardware.com #SpySweeperCASS 127.0.0.1 www80.valueclick.com #SpySweeperCASS 127.0.0.1 y.ibsys.com #SpySweeperCASS 127.0.0.1 z.extreme-dm.com #SpySweeperCASS 127.0.0.1 z0.extreme-dm.com #SpySweeperCASS 127.0.0.1 z1.adserver.com #SpySweeperCASS 127.0.0.1 z1.extreme-dm.com #SpySweeperCASS 127.0.0.1 zi.r.tv.com #SpySweeperCASS 127.0.0.1 zrap.zdnet.com.com #SpySweeperCASS 127.0.0.1 as.casalemedia.com #SpySweeperCASS

#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 December 2005 - 09:05 PM

Daniel,

Your host file is ok

I just read this in a post with a problem simmilar to yours, give it a try, if you don't use a router, bypass that part. Flush any DNS caches . Two examples are routers that act as proxy nameservers, and versions of Windows that support DNS caching.

The way to fix the router cache is to power cycle the router.

The way to fix XP/Win2K's is to enter the command "ipconfig /flushdns" at a
cmd.exe prompt.

Click start > all programs >assessories >command prompt and type in ipconfig /flushdns then Enter

If you are still having problems after all this, I will give you links to some excellent Windows Tech Support sites.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#9 Daniel Boone

Daniel Boone

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 08 December 2005 - 09:28 PM

Whoah! That did it! What does that mean anyway? The DNS had some junk in it? Is that caused by a virus? Anyway, thank you very much indeed. Now I can finally get started on the holiday shopping online and my wife will stop threatening to leave me. Happy holidays!

#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 December 2005 - 09:41 PM

Nope, just some extra buildup. Glad it worked :thumbup:

Here are some free programs and tips for keeping your system up to date, and to help keep all the riff raff out of your system.

* Download and Install CCleaner, Click on RUN TOOL, when you run the Issues Scan and it asks
you to back up the registry Say Yes.

Now that your clean, we need to erase all possible older infected files that may still be lurking on your system.
* Clean out your TEMP FILES
* This procedure should be run from SAFEMODE for better results.

To Enter SAFEMODE

* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

* Go to My Computer/ C: Drive/ Documents and Settings/ Local Settings/ Every User on this Computer
and delete all the contents of the Temp Folder

* Go to My Computer/ C:/ Windows/ Temp and delete all the contents of the Temp Folder

* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder.
But not the Prefetch folder itself.

NOW RE-BOOT NORMALLY


* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.

Now Empty your Recycle Bin

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your
system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

* Right-click My Computer.
* ClickProperties.
* Click the System Restore tab.
* UN-Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

* Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You can name the restore point anything you like, something that you can remember

* Make sure that your ANTI-VIRUS SOFTWARE is up to date and run a full scan at least once aweek.

* Here are Free Anti-Virus Programs if you need one

AVG Free Edition
AntVir Personal Edition


* Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.

* Ad-Aware SE Personal 1.06
Check for Updates and run a Full System Scan on a regular basis.

* Spyware Blaster It will prevent most spyware from ever being installed.

* Spyware Guard It offers realtime protection from spyware installation attempts.

* Win Patrol This program will warn you when any changes are being made to your system and
give you the option to deny the change.

* IE- Spyad IE-Spyad places over 4000 web sites and domains
in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed,
although you will still be able to connect to the sites.

* Firefox Browser
It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use
them both. When it asks you if you want it to be your default browser, say NO and take the checkmark out of the box to ask you again. After you use this
for awhile, you will want to make it your default.

* Thunderbird Mail There companion mail program was highly favored in PCWorld Magazine,
this has a good spam filter and is more secure than Outlook Express.

* Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't
access the internet without it.

* WINDOWS UPDATES - Enable Automatic Updates
Right click on MY COMPUTER/Click on PROPERTIES/ AUTOMATIC UPDATES and put a mark in the radio button
DOWNLOAD UPDATES FOR ME BUT LET ME CHOOSE WHEN TO INSTALL THEM.

* Go to START/ CONTROL PANEL> PERFROMANCE AND MAINTENANCE> REARRANGE ITEMS ON YOUR HARD DISK TO MAKE PROGRAMS RUN FASTER
This is the Windows Disk Defragger, run this maybe once or twice a month to keep your system running good. The first time you run it, it may take awhile.

Thanks for using Tom Coyote, I will keep this thread open for a few days in case you have any other questions.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#11 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 December 2005 - 06:43 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users