Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

New Spyware.


  • This topic is locked This topic is locked
9 replies to this topic

#1 afksky

afksky

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 04 April 2006 - 06:45 PM

Hello,

First let me start by saying That i am a Network Administrator and seem to have found a bug in my network someware. Here is what is going on.

If you go to a search engin and look for anything like say spyware when you click a link you go to some other site.. if you use the go back button affter clicking the link it will do it 3 more time before you may go to the site you are looking for.

2. The network at the office slows way down. seems there are a few other PC with this spyware in them.

Sometime this thing just takes over IE alltogather and no mater where you try to go you dont get there..


Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 8:18:35 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\Program Files\Common Files\AOL\1139597609\ee\AOLSoftware.exe
C:\Documents and Settings\adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1139597609\ee\aim6.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Will.JRWALD\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139597609\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Documents and Settings\adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Picture to Mobile Phone - C:\Program Files\Pix2Fone\p2fd.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload File - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O9 - Extra 'Tools' menuitem: Upload File to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://jrwald1/appli...rds/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://osas.webex.c...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JRWALD
O17 - HKLM\Software\..\Telephony: DomainName = JRWALD
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF94DC3-39B5-4A81-BD9C-D394CB6D6AF6}: NameServer = 85.255.113.203,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3091201-0E12-4951-9A7D-7864133FFBBA}: NameServer = 85.255.113.203,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A00931-C77B-4F1D-AFBE-A95CC21E8E23}: NameServer = 85.255.113.203,85.255.112.217
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = JRWALD
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Documents and Settings\adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    Advertisements

Register to Remove


#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 04 April 2006 - 07:05 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://swandog46.gee.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.


Then reboot and post a new hijackthis log.

#3 afksky

afksky

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 04 April 2006 - 07:24 PM

Fixwareout ver 1.003
Last edited march/15/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\ctkmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmktc.exe"=-
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSBUZ.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

---- Log below


Logfile of HijackThis v1.99.1
Scan saved at 9:17:51 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\Program Files\Common Files\AOL\1139597609\ee\AOLSoftware.exe
C:\Documents and Settings\adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1139597609\ee\aim6.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Will.JRWALD\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139597609\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Documents and Settings\adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Picture to Mobile Phone - C:\Program Files\Pix2Fone\p2fd.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload File - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O9 - Extra 'Tools' menuitem: Upload File to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://jrwald1/appli...rds/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://osas.webex.c...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JRWALD
O17 - HKLM\Software\..\Telephony: DomainName = JRWALD
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF94DC3-39B5-4A81-BD9C-D394CB6D6AF6}: NameServer = 85.255.113.203,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3091201-0E12-4951-9A7D-7864133FFBBA}: NameServer = 85.255.113.203,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A00931-C77B-4F1D-AFBE-A95CC21E8E23}: NameServer = 85.255.113.203,85.255.112.217
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = JRWALD
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Documents and Settings\adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#4 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 04 April 2006 - 07:31 PM

Run the wareout fix again.

Then scan with hijackthis and put a heck beside these lines if present and choose FIX

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF94DC3-39B5-4A81-BD9C-D394CB6D6AF6}: NameServer = 85.255.113.203,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3091201-0E12-4951-9A7D-7864133FFBBA}: NameServer = 85.255.113.203,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A00931-C77B-4F1D-AFBE-A95CC21E8E23}: NameServer = 85.255.113.203,85.255.112.217

NEXT

Please download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#5 afksky

afksky

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 04 April 2006 - 09:02 PM

here are all the reports

Logfile of HijackThis v1.99.1
Scan saved at 10:53:14 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\Program Files\Common Files\AOL\1139597609\ee\AOLSoftware.exe
C:\Documents and Settings\adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
c:\program files\common files\aol\1139597609\ee\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Will.JRWALD\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139597609\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Documents and Settings\adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Picture to Mobile Phone - C:\Program Files\Pix2Fone\p2fd.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload File - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O9 - Extra 'Tools' menuitem: Upload File to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://jrwald1/appli...rds/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://osas.webex.c...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JRWALD
O17 - HKLM\Software\..\Telephony: DomainName = JRWALD
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = JRWALD
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Documents and Settings\adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:48:59 PM, 4/4/2006
+ Report-Checksum: 992060EB

+ Scan result:

C:\Documents and Settings\Will\Cookies\will@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wgkiqjdzmao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjk4qocpsco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjk4qpcpsap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjkouoczalo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjkyqidzmko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjkysndzgao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjmiupdpkdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjmiwic5odo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjny-1sdzwb.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjnyapdpccp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@e-2dj6wjnyggczeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@flukecorporation.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Will\Cookies\will@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.471:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.502:C:\Documents and Settings\Will.JRWALD\Application Data\Mozilla\Firefox\Profiles\nb5t7f7r.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@7search[1].txt -> TrackingCookie.7search : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Will.JRWALD\Cookies\will@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\RECYCLER\S-1-5-21-36707956-159605990-1844936127-1221\Dc28.exe -> Hijacker.Small.kg : Cleaned with backup
C:\RECYCLER\S-1-5-21-36707956-159605990-1844936127-1221\Dc29.exe -> Hijacker.Small : Cleaned with backup
C:\RECYCLER\S-1-5-21-36707956-159605990-1844936127-1221\Dc30.exe -> Trojan.Small.gq : Cleaned with backup
C:\RECYCLER\S-1-5-21-36707956-159605990-1844936127-1221\Dc31.exe -> Adware.Msnagent : Cleaned with backup
C:\RECYCLER\S-1-5-21-36707956-159605990-1844936127-1221\Dc32.exe -> Adware.FindSpy : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -> Adware.WebEx : Cleaned with backup


::Report End

#6 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 04 April 2006 - 09:08 PM

Looks ok how is it running?

#7 afksky

afksky

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 04 April 2006 - 09:17 PM

Seems to be running better then it was.. I have not done much as of yet.. had to clean out the favorites folders seems there was 100 links in there to adult site and spyware sites.. Now is there any good tools to use on the office network to keep this from happing again. I have 10 my PC doing the same thing.. Thanks Will

#8 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 04 April 2006 - 09:19 PM

Sorry network security not my thing only stand alone pc's. I would recommend that you visist this forum >>> http://www.dslreport.../forum/security

Great place to ask questions on topics like that and you will get some very good answers.

#9 afksky

afksky

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 04 April 2006 - 09:20 PM

Thank you..

#10 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 04 April 2006 - 09:21 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users