Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Infected Computer
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 04-22-2007, 07:22 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 39
OS: WIN XP PRO


Infected Computer
Recently this computer has started acting like it has been pretty infected by viruses or spyware. The first symptom was Iexplorer opening multiple windows rapidly non-stop. Now the computer gets a LOT of pop-ups through iternet exlorer even when the program isn't open. I've followed the five steps posted prior to posting this log and I haven't been alble to remedy the problems. I've deleted a lot of spyware/adware but whatever has infected the computer keeps re-downloading more. Log is as follows:

Deckard's System Scanner v20070411.38
Run by Mom and Dad on 2007-04-22 at 22:09:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2007-04-23 02:09:56 UTC - RP1318 - Deckard's System Scanner Restore Point
19: 2007-04-22 23:02:40 UTC - RP1317 - System Checkpoint
18: 2007-04-21 22:08:11 UTC - RP1316 - System Checkpoint
17: 2007-04-20 21:23:33 UTC - RP1315 - System Checkpoint
16: 2007-04-19 21:19:24 UTC - RP1314 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-04-14 21:48:27 UTC - RP1299 - Spybot-S&D Spyware removal


Performed disk cleanup.


-- HijackThis (run as Mom and Dad.exe) -----------------------------------------

HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-22 22:13:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Mom and Dad\Desktop\dss.exe
C:\Program Files\HijackThis\Mom and Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmpCD.tmp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {983d75b1-b947-4c4b-a49f-24438a422052} - C:\WINDOWS\system32\jav253.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O8 - Extra context menu item: Backward &Links - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105162440937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125198812084
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553572000} () - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: jav253 - C:\WINDOWS\system32\jav253.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - "C:\Program Files\Norton\isPwdSvc.exe"
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - "C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"


-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - unable to read value
.vbs - VBSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Defrag32b (Defrag32Boot) - c:\windows\system32\drivers\defrag32b.sys
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys
R1 DcCam (Kodak Camera Proxy) - c:\windows\system32\drivers\dccam.sys
R1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys
R1 SonyFanC (FAN Control Device Service) - c:\windows\system32\drivers\sonyfanc.sys
R1 SRTSP - c:\windows\system32\drivers\srtsp.sys
R1 SRTSPX - c:\windows\system32\drivers\srtspx.sys
R2 DCFS2K (Kodak DCFS2K Driver) - c:\windows\system32\drivers\dcfs2k.sys
R2 Defrag32 - c:\windows\system32\drivers\defrag32.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys

S1 Exportit - c:\windows\system32\drivers\exportit.sys
S2 windev-1e41-5c5b - c:\windows\system32\windev-1e41-5c5b.sys (file missing)
S3 BCM42XX (Broadcom iLine10(tm) Network Adapter Driver) - c:\windows\system32\drivers\bcm42xx5.sys
S3 BCMModem (BCM V.90 56K Modem) - c:\windows\system32\drivers\bcmdm.sys
S3 DcFpoint - c:\windows\system32\drivers\dcfpoint.sys
S3 DcLps (Legacy Polling Service) - c:\windows\system32\drivers\dclps.sys
S3 DcPTP - c:\windows\system32\drivers\dcptp.sys
S3 EraserUtilDrv10720 - c:\program files\common files\symantec shared\eengine\eraserutildrv10720.sys (file missing)
S3 ltmodem5 (Lucent Modem Driver) - c:\windows\system32\drivers\ltmdmnt.sys
S3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon
R2 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -ssqlexpress
R2 PDSched (PDScheduler) - "c:\program files\raxco\perfectdisk\pdsched.exe"
R2 SQLBrowser (SQL Server Browser) - "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
R2 SQLWriter (SQL Server VSS Writer) - "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"

S2 LiveUpdate Notice Service - "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll"
S3 SPTISRV (Sony SPTI Service) - c:\program files\common files\sony shared\avlib\sptisrv.exe
S4 msvsmon80 (Visual Studio 2005 Remote Debugger) - "d:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80


-- Scheduled Tasks -------------------------------------------------------------

2007-04-22 17:39:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-22 16:54:18 434 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{699F02C7-3898-42D3-8232-C75F5FE94137}.job<USER_F~1.JOB>
2007-04-17 16:25:26 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Mom and Dad.job<NORTON~1.JOB>


-- Files created between 2007-03-22 and 2007-04-22 -----------------------------

2007-04-22 21:39:12 21312 --a------ C:\WINDOWS\choice.exe
2007-04-22 21:34:23 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-22 21:29:30 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-21 11:02:00 0 d--hs---- C:\FOUND.001
2007-04-20 12:54:57 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-20 11:33:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-20 11:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder<SHARE-~1>
2007-04-17 16:13:09 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-17 16:13:09 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-17 16:11:53 0 d-------- C:\Program Files\Symantec
2007-04-17 16:11:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-04-17 16:10:39 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-17 16:10:31 0 d-------- C:\Program Files\Norton
2007-04-16 16:15:27 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-14 18:34:34 0 d--hs---- C:\FOUND.000
2007-04-14 11:59:57 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\Azureus
2007-04-13 18:27:51 0 d-------- C:\Documents and Settings\John\Application Data\Lavasoft
2007-04-11 15:44:02 18943 --a------ C:\WINDOWS\system32\jav253.dll
2007-04-07 19:52:12 0 d-------- C:\Program Files\Hide And Secret<HIDEAN~1>
2007-04-06 14:54:38 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~1.DLL>
2007-04-06 14:44:46 35430 --a------ C:\WINDOWS\DIIUnin.dat
2007-04-06 14:44:40 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-04-06 14:44:40 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-03-30 16:25:55 0 d-------- C:\Program Files\iWin.com
2007-03-29 22:07:11 0 d-------- C:\Program Files\MSXML 6.0<MSXML6~1.0>
2007-03-29 18:29:31 0 d-------- C:\Documents and Settings\Leigh\Application Data\Magic Academy<MAGICA~1>
2007-03-27 19:04:54 0 d--h----- C:\Documents and Settings\Leigh\Application Data\Move Networks<MOVENE~1>
2007-03-26 18:11:55 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-03-26 18:11:55 217073 --a------ C:\WINDOWS\meta4.exe
2007-03-26 18:11:54 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-03-26 18:11:54 70656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-03-26 18:11:54 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll<AVSRED~1.DLL>
2007-03-26 18:11:53 471552 --a------ C:\WINDOWS\system32\Smab.dll
2007-03-26 18:11:53 719872 --a------ C:\WINDOWS\system32\devil.dll
2007-03-26 18:11:53 306688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-03-26 18:11:51 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-03-26 18:11:33 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-03-26 18:11:33 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-03-24 20:51:03 0 d-------- C:\Documents and Settings\John\Application Data\Apple Computer<APPLEC~1>
2007-03-23 17:54:51 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-03-23 17:53:43 0 d-------- C:\Program Files\Microsoft Device Emulator<MI9C2B~1>
2007-03-23 17:53:26 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition<MI40D9~1>
2007-03-23 17:42:22 0 d-------- C:\Program Files\MSBuild
2007-03-23 17:30:23 0 d-------- C:\WINDOWS\Symbols
2007-03-23 17:30:23 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions<PREEMP~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\HTML Help Workshop<HTMLHE~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\Common Files\Merge Modules<MERGEM~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\Common Files\Business Objects<BUSINE~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\CE Remote Tools<CEREMO~1>
2007-03-23 17:25:26 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MID05A~1>
2007-03-23 17:25:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help<MICROS~2>
2007-03-22 16:47:35 46344 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE>


-- Find3M Report ---------------------------------------------------------------

2007-04-22 20:48:12 19368 --a------ C:\WINDOWS\mozver.dat
2007-04-06 14:52:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-04-06 14:52:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-04-06 14:52:46 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-03-31 17:09:46 33296 --a------ C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-03-17 09:43:02 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 22:37:18 0 d-------- C:\Program Files\MSN Games<MSNGAM~2>
2007-03-05 14:57:48 4 --a------ C:\WINDOWS\system32\6A54FE
2007-02-23 19:10:20 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-10 05:29:52 2234224 --a------ C:\WINDOWS\system32\sqlncli.dll
2007-02-10 05:29:52 67952 --a------ C:\WINDOWS\system32\sqlctr90.dll
2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkVwMon.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="NkVwMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="c:\\program files\\hewlett-packard\\hpis\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="c:\\program files\\common files\\viewpoint\\toolbar runtime\\3.7.0\\fotomatdeviceconnect.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jav253

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1c3449f-613a-11d9-a932-806d6172696f}]
Shell\AutoRun\command F:\Aly_Aj.exe


-- Hosts -----------------------------------------------------------------------

127.0.0.1 ns8-stats.netscape.com


-- End of Deckard's System Scanner: finished at 2007-04-22 at 22:16:14 ---------
dark_shard is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Sponsored Links
Old 05-01-2007, 11:35 AM   #2 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 39
OS: WIN XP PRO


Re: Infected Computer
Bumping
dark_shard is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-03-2007, 10:15 AM   #3 (permalink)
Registered User
 
suebaby41's Avatar
 
Join Date: Nov 2004
Posts: 159
OS: WINXP


Re: Infected Computer
Welcome to the Tech Support Forums. Sorry for the delay in responding. If you still need help, please post a new HijackThis log. Thanks.
__________________
You don't stop laughing when you get old; you get old when you stop laughing.
Last edited by suebaby41; 05-03-2007 at 10:18 AM.
suebaby41 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-03-2007, 11:09 AM   #4 (permalink)
Registered User
 
suebaby41's Avatar
 
Join Date: Nov 2004
Posts: 159
OS: WINXP


Re: Infected Computer
  1. Please download VundoFix.exe to your desktop.
    1. Double-click VundoFix.exe to run it.
    2. Click the Scan for Vundo button.
    3. After it's done scanning, click the Remove Vundo button.
    4. You will receive a prompt asking if you want to remove the files, click YES;
    5. After you click YES, your desktop will go blank as it starts removing Vundo.
    6. When completed, it will prompt that it will reboot your computer, click OK.
  2. Note: It is possible that VundoFix.exe may encounter a file it could not remove. In this case, VundoFix.exe will run on reboot, simply follow the above instructions starting from (1b) Click the Scan for Vundo button when VundoFix.exe appears at reboot.
  3. Please post the contents of C:\vundofix.txt and a new HijackThis log.
__________________
You don't stop laughing when you get old; you get old when you stop laughing.
suebaby41 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-03-2007, 12:24 PM   #5 (permalink)
Registered User
 
suebaby41's Avatar
 
Join Date: Nov 2004
Posts: 159
OS: WINXP


Re: Infected Computer
The entries below indicate that you may have two antivirus programs, Norton AntiVirus and AVG Freeon your computer.

Norton AntiVirus

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton\osCheck.exe"

AVG Free

C:\Program Files\Grisoft\AVG Free\avgcc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

When you have more than one antivirus running at the same time, they conflict with each other rendering the computer vulnerable or unusable. It may even cause crashes. Please review this information:
Should you run more than one antivirus program at the same time?
Microsoft recommends that you have only one anti-virus program installed on your computer.

There are basically two types of antivirus programs: On-Access and On-Demand

On-Access Scanners, as the name implies, run in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners, such as Online Scans and scanners that run on your machine but are not actively scanning your machine, as the name implies, are scanners that only run when you ask them to run.

Antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two antivirus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I notice that you are using more than one antivirus program. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts.
I strongly suggest you do one of the following:
  1. Configure only one antivirus program to enable automatic realtime scanning and leave the rest disabled most of the time.
  2. Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall all but one antivirus program.
__________________
You don't stop laughing when you get old; you get old when you stop laughing.
suebaby41 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-08-2007, 07:48 AM   #6 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 39
OS: WIN XP PRO


Re: Infected Computer
Sorry about taking so long to reply, I was out of town for a while and had practically given up on this post hahah. Thanks for replying! I had actually run VundoFix when the problems first started to occur. It didn't find anything at that time, but this time it found two .dlls. Here's the new scan report:


Deckard's System Scanner v20070411.38
Run by Mom and Dad on 2007-05-08 at 10:42:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mom and Dad.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:43:55 AM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mom and Dad\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\MOMAND~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {983d75b1-b947-4c4b-a49f-24438a422052} - C:\WINDOWS\system32\jav253.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\byyayv.dll",realset
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O8 - Extra context menu item: Backward &Links - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mp3: C:\Program Files\Netscape\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105162440937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125198812084
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553572000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jav253 - jav253.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


-- Files created between 2007-04-08 and 2007-05-08 -----------------------------

2007-05-08 10:27:15 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-05-03 12:28:06 0 d-------- C:\WINDOWS\system32\VirtualExpander<VIRTUA~1>
2007-05-03 11:54:38 0 d-------- C:\Documents and Settings\Mom and Dad\Incomplete<INCOMP~1>
2007-05-03 11:54:27 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\LimeWire
2007-05-02 13:42:57 0 d-------- C:\Documents and Settings\Leigh\Application Data\Lavasoft
2007-04-29 21:05:58 0 d--hs---- C:\FOUND.002
2007-04-22 21:39:12 21312 --a------ C:\WINDOWS\choice.exe
2007-04-22 21:34:23 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-22 21:29:30 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-21 11:02:00 0 d--hs---- C:\FOUND.001
2007-04-20 12:54:57 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-20 11:33:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-20 11:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder<SHARE-~1>
2007-04-17 16:11:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-04-17 16:10:39 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-16 16:15:27 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-14 18:34:34 0 d--hs---- C:\FOUND.000
2007-04-14 11:59:57 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\Azureus
2007-04-13 18:27:51 0 d-------- C:\Documents and Settings\John\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2007-05-06 12:13:42 19368 --a------ C:\WINDOWS\mozver.dat
2007-04-10 15:30:02 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~1.DLL>
2007-04-06 14:54:30 35430 --a------ C:\WINDOWS\DIIUnin.dat
2007-04-06 14:52:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-04-06 14:52:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-04-06 14:52:46 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-04-06 14:44:42 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-04-06 14:44:42 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-03-31 17:09:46 33296 --a------ C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-03-30 16:25:56 0 d-------- C:\Program Files\iWin.com
2007-03-29 22:07:12 0 d-------- C:\Program Files\MSXML 6.0<MSXML6~1.0>
2007-03-23 17:54:52 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-03-23 17:53:44 0 d-------- C:\Program Files\Microsoft Device Emulator<MI9C2B~1>
2007-03-23 17:53:28 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition<MI40D9~1>
2007-03-23 17:42:24 0 d-------- C:\Program Files\MSBuild
2007-03-23 17:30:24 0 d-------- C:\Program Files\HTML Help Workshop<HTMLHE~1>
2007-03-23 17:30:24 0 d-------- C:\Program Files\Common Files\Merge Modules<MERGEM~1>
2007-03-23 17:30:24 0 d-------- C:\Program Files\Common Files\Business Objects<BUSINE~1>
2007-03-23 17:30:24 0 d-------- C:\Program Files\CE Remote Tools<CEREMO~1>
2007-03-23 17:25:28 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MID05A~1>
2007-03-22 16:47:36 46344 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE>
2007-03-17 09:43:02 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 14:57:48 4 --a------ C:\WINDOWS\system32\6A54FE
2007-02-23 19:10:20 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-10 05:29:52 2234224 --a------ C:\WINDOWS\system32\sqlncli.dll
2007-02-10 05:29:52 67952 --a------ C:\WINDOWS\system32\sqlctr90.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\byyayv.dll\",realset"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkVwMon.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="NkVwMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="c:\\program files\\hewlett-packard\\hpis\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="c:\\program files\\common files\\viewpoint\\toolbar runtime\\3.7.0\\fotomatdeviceconnect.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jav253

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Johnscomputer#F]
Shell\AutoRun\command Z:\Monkey.exe


-- End of Deckard's System Scanner: finished at 2007-05-08 at 10:44:33 ---------
dark_shard is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-08-2007, 10:34 AM   #7 (permalink)
Registered User
 
suebaby41's Avatar
 
Join Date: Nov 2004
Posts: 159
OS: WINXP


Re: Infected Computer
  1. Please download ComboFix.
  2. Double click combofix.exe & follow the prompts.
  3. A window will open with a warning. Type Y (and Enter) to start the fix.
  4. The scan will temporarily disable your desktop, and if interrupted, may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
  5. Caution - do not touch your mouse/keyboard until the scan has completed. That may cause it to stall.
  6. When finished, ComboFix will produce a log for you and will automatically save the log file to C:\combofix.txt.
  7. ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done, you can delete this folder - QooBox.
  8. Please post the log from ComboFix and a new HijackThis log. Thanks.
__________________
You don't stop laughing when you get old; you get old when you stop laughing.
suebaby41 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-08-2007, 12:38 PM   #8 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 39
OS: WIN XP PRO


Re: Infected Computer
Combo Fix Log:

"Mom and Dad" - 2007-05-08 15:07:45 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Mom and Dad\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tmp1FE.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp280.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp51B.tmp.dll
C:\Program Files\winupdates


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-05-08 10:27 <DIR> d-------- C:\VundoFix Backups
2007-05-03 12:28 <DIR> d-------- C:\WINDOWS\system32\VirtualExpander
2007-05-03 11:54 <DIR> d-------- C:\DOCUME~1\MOMAND~1\Incomplete
2007-05-03 11:54 <DIR> d-------- C:\DOCUME~1\MOMAND~1\APPLIC~1\LimeWire
2007-05-02 13:42 <DIR> d-------- C:\DOCUME~1\Leigh\APPLIC~1\Lavasoft
2007-04-29 21:05 <DIR> d--hs---- C:\FOUND.002
2007-04-22 22:09 <DIR> d-------- C:\Deckard
2007-04-22 21:39 21,312 --a------ C:\WINDOWS\choice.exe
2007-04-22 21:34 <DIR> d-------- C:\Program Files\SpywareGuard
2007-04-22 21:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-21 11:02 <DIR> d--hs---- C:\FOUND.001
2007-04-20 12:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-20 11:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-20 11:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Share-to-Web Upload Folder
2007-04-17 16:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-04-17 16:10 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-16 16:15 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-14 18:34 <DIR> d--hs---- C:\FOUND.000
2007-04-14 11:59 <DIR> d-------- C:\DOCUME~1\MOMAND~1\APPLIC~1\Azureus
2007-04-13 18:27 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Lavasoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 16:13:42 19,368 ----a-w C:\WINDOWS\mozver.dat
2007-04-10 19:30:02 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-06 18:54:30 35,430 ----a-w C:\WINDOWS\DIIUnin.dat
2007-04-06 18:52:48 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-04-06 18:52:48 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-04-06 18:52:46 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-04-06 18:44:42 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-04-06 18:44:42 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2007-03-31 21:09:46 33,296 ----a-w C:\DOCUME~1\MOMAND~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-30 20:25:56 -------- d-----w C:\Program Files\iWin.com
2007-03-30 02:07:12 -------- d-----w C:\Program Files\MSXML 6.0
2007-03-23 21:54:52 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-03-23 21:53:44 -------- d-----w C:\Program Files\Microsoft Device Emulator
2007-03-23 21:53:28 -------- d-----w C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2007-03-23 21:42:24 -------- d-----w C:\Program Files\MSBuild
2007-03-23 21:30:24 -------- d-----w C:\Program Files\HTML Help Workshop
2007-03-23 21:30:24 -------- d-----w C:\Program Files\Common Files\Merge Modules
2007-03-23 21:30:24 -------- d-----w C:\Program Files\Common Files\Business Objects
2007-03-23 21:30:24 -------- d-----w C:\Program Files\CE Remote Tools
2007-03-23 21:25:28 -------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-03-22 20:47:36 46,344 ----a-w C:\WINDOWS\NSSetDefaultBrowser.EXE
2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-23 23:10:20 335 ----a-w C:\WINDOWS\mozregistry.dat
2007-02-10 09:29:52 67,952 ----a-w C:\WINDOWS\system32\sqlctr90.dll
2007-02-10 09:29:52 2,234,224 ----a-w C:\WINDOWS\system32\sqlncli.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll"
"{4A368E80-174F-4872-96B5-0B27DDD11DB2}"="C:\Program Files\SpywareGuard\dlprotect.dll"
"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"="C:\Program Files\Yahoo!\Common\yiesrvc.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll"
"{983d75b1-b947-4c4b-a49f-24438a422052}"="C:\WINDOWS\system32\jav253.dll" [x]
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar1.dll" [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jav253

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^kodak easyshare software.lnk
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^nkvwmon.exe.lnk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^verizon online support center.lnk
c:\program files\hewlett-packard\hpis\bin\matcli.exe -boot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"D:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viewpointphotosdeviceconnect
c:\program files\common files\viewpoint\toolbar runtime\3.7.0\fotomatdeviceconnect.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Johnscomputer#F]
Shell\AutoRun\command Z:\Monkey.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{699F02C7-3898-42D3-8232-C75F5FE94137}.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 15:12:42
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-08 15:13:04
C:\ComboFix-quarantined-files.txt ... 2007-05-08 15:13

HijackThis/Deckard'sSystemScanner log:

Deckard's System Scanner v20070411.38
Run by Mom and Dad on 2007-05-08 at 15:28:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mom and Dad.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:30:11 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mom and Dad\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\MOMAND~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {983d75b1-b947-4c4b-a49f-24438a422052} - C:\WINDOWS\system32\jav253.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O8 - Extra context menu item: Backward &Links - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mp3: C:\Program Files\Netscape\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105162440937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125198812084
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553572000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jav253 - jav253.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


-- Files created between 2007-04-08 and 2007-05-08 -----------------------------

2007-05-08 15:13:05 49152 --a------ C:\WINDOWS\system32\vfind.exe
2007-05-08 15:13:05 428032 --a------ C:\WINDOWS\system32\swreg.exe
2007-05-08 15:13:05 49152 --a------ C:\WINDOWS\nircmd.exe
2007-05-08 15:13:05 86528 --a------ C:\WINDOWS\catchme.exe
2007-05-08 15:13:04 212480 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-05-08 15:13:04 370688 --a------ C:\WINDOWS\system32\swsc.exe
2007-05-08 15:13:04 38400 --a------ C:\WINDOWS\system32\moveex.exe
2007-05-08 10:27:15 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-05-03 12:28:06 0 d-------- C:\WINDOWS\system32\VirtualExpander<VIRTUA~1>
2007-05-03 11:54:38 0 d-------- C:\Documents and Settings\Mom and Dad\Incomplete<INCOMP~1>
2007-05-03 11:54:27 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\LimeWire
2007-05-02 13:42:57 0 d-------- C:\Documents and Settings\Leigh\Application Data\Lavasoft
2007-04-29 21:05:58 0 d--hs---- C:\FOUND.002
2007-04-22 21:39:12 21312 --a------ C:\WINDOWS\choice.exe
2007-04-22 21:34:23 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-22 21:29:30 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-21 11:02:00 0 d--hs---- C:\FOUND.001
2007-04-20 12:54:57 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-20 11:33:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-20 11:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder<SHARE-~1>
2007-04-17 16:11:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-04-17 16:10:39 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-16 16:15:27 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-14 18:34:34 0 d--hs---- C:\FOUND.000
2007-04-14 11:59:57 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\Azureus
2007-04-13 18:27:51 0 d-------- C:\Documents and Settings\John\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2007-05-06 12:13:42 19368 --a------ C:\WINDOWS\mozver.dat
2007-04-10 15:30:02 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~1.DLL>
2007-04-06 14:54:30 35430 --a------ C:\WINDOWS\DIIUnin.dat
2007-04-06 14:52:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-04-06 14:52:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-04-06 14:52:46 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-04-06 14:44:42 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-04-06 14:44:42 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-03-31 17:09:46 33296 --a------ C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-03-30 16:25:56 0 d-------- C:\Program Files\iWin.com
2007-03-29 22:07:12 0 d-------- C:\Program Files\MSXML 6.0<MSXML6~1.0>
2007-03-23 17:54:52 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-03-23 17:53:44 0 d-------- C:\Program Files\Microsoft Device Emulator<MI9C2B~1>
2007-03-23 17:53:28 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition<MI40D9~1>
2007-03-23 17:42:24 0 d-------- C:\Program Files\MSBuild
2007-03-23 17:30:24 0 d-------- C:\Program Files\HTML Help Workshop<HTMLHE~1>
2007-03-23 17:30:24 0 d-------- C:\Program Files\Common Files\Merge Modules<MERGEM~1>
2007-03-23 17:30:24 0 d-------- C:\Program Files\Common Files\Business Objects<BUSINE~1>
2007-03-23 17:30:24 0 d-------- C:\Program Files\CE Remote Tools<CEREMO~1>
2007-03-23 17:25:28 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MID05A~1>
2007-03-22 16:47:36 46344 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE>
2007-03-17 09:43:02 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 14:57:48 4 --a------ C:\WINDOWS\system32\6A54FE
2007-02-23 19:10:20 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-10 05:29:52 2234224 --a------ C:\WINDOWS\system32\sqlncli.dll
2007-02-10 05:29:52 67952 --a------ C:\WINDOWS\system32\sqlctr90.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkVwMon.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="NkVwMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="c:\\program files\\hewlett-packard\\hpis\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="c:\\program files\\common files\\viewpoint\\toolbar runtime\\3.7.0\\fotomatdeviceconnect.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jav253

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Johnscomputer#F]
Shell\AutoRun\command Z:\Monkey.exe


-- End of Deckard's System Scanner: finished at 2007-05-08 at 15:30:52 ---------
dark_shard is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-11-2007, 07:11 PM   #9 (permalink)
Registered User
 
suebaby41's Avatar
 
Join Date: Nov 2004
Posts: 159
OS: WINXP


Re: Infected Computer
Before we continue cleaning your computer, I saw two files that, according to my research, may be an indication of hard drive problems.
C:\FOUND.001
C:\FOUND.002

cybertech, moderator at Tech Support Guy Forums said:
Quote:
These are check files (.chk)The .CHK files are lost clusters that have been recovered (files that were open but not closed on shutdown). You may be able to recover some data from the found.xxx folders but it is 50-50 at best.

Sometimes you can reformat the drive and it will work for a time but the best thing to do is replace it!
For more information, seeLet's run the System File Checker tool.
Windows 2000 & XP comes with a very handy tool called the System File Checker. The System File Checker tool itself will scan your computer for system files that may have been replaced when some old or poorly made programs were installed. This usually happens because the programmer who made the software did not create it to check the versions of each system file it replaces.
  1. To manually invoke the System File Checker, be sure you have Administrator Privileges.
  2. Click Start > Run. In the dialog box, type sfc /scannow. Note: There is a space between sfc and the forward slash.
  3. Click OK or press Enter. Note: Don't worry if the XP setup screen appears, this is not a part of "sfc /scannow", your Autorun utility in Windows is starting it. Simply minimize the screen and allow sfc to continue.
  4. The system will immediately begin to check all the current system files and restore the cached approved copies. You may be asked to insert the Windows CD as well during the restore.
  5. Important: After you perform a system file restore, you should install the newest service pack so you are running the most current, Microsoft approved system files.
  6. If needed, Scannow Tutorial.
__________________
You don't stop laughing when you get old; you get old when you stop laughing.
suebaby41 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-12-2007, 06:56 AM   #10 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 39
OS: WIN XP PRO


Re: Infected Computer
Okay, I ran it and it scanned and finished but then nothing came up. I was aware that the hard drive needed replaced but it will have to wait a while. Is that all you can see on the system as far as malware?
dark_shard is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-17-2007, 03:01 PM   #11 (permalink)
Registered User
 
suebaby41's Avatar
 
Join Date: Nov 2004
Posts: 159
OS: WINXP


Re: Infected Computer
You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 1

I noticed that you have some programs that need to be updated.

Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
Please download the latest Java Runtime Environment.
  • Scroll down to where it says Java Runtime Environment (JRE) 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • On your desktop, double-click on jre-6-windows-i586.exe to install the newest version.
After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on the Verify Installation button on the JAVA SOFTWARE MANUAL DOWNLOAD page.

Step 2

Please download Spybot-S&D.
Please check this link, Using Spybot- Search and Destroy To Remove Spyware From Your Computer, for instructions on how to download, install and use Spybot-S&D. Run this program as soon as possible.

Step 3

Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.

Please download and install AVG Anti-Spyware (formerly Ewido).
  • Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security:
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active Internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon. and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • If you are having problems with the updater, you can use this link, AVG Anti-Spyware manual updates, to manually update AVG Anti-Spyware..
  • Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Scan With AVG Anti-Spyware. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process.
  • Close ALL open Windows / Programs / Folders. Reboot to Safe Mode (without networking support !) If you don’t know how to boot in Safe Mode, here is a tutorial, How To Start Windows in Safe Mode.
  • Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All boxes should be checked.
      • Under Possibly unwanted software:
        • All boxes should be checked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • Reboot in Normal Mode.
Step 4

The ATF-Cleaner program is for XP and Windows 2000 only.
ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 5

Please disconnect from the Internet. Please close ALL browser windows (including this one).

We need to disable your SpywareGuard as it may interfere with the fixes that we need to make.
  1. Open SpywareGuard
  2. Click on Menu
  3. Click on File
  4. Exit.
Don't forget to re-start SpywareGuard when your machine is clean.

We need to disable Windows Defender's realtime protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender
  • Click on Tools
  • Click on General Settings
  • Scroll down to Real-time protection options
  • Uncheck Turn on Real-time protection (recommended)
  • Click Save
  • Exit the program.
Note: After all of the fixes are complete, it is very important that you enable Real-time Protection again.

Uninstall the following programs (Do not worry if they are not there.)

winupdates

To uninstall the winupdates :
  1. Click Start > Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight the winupdates, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.

Use ctrl + alt + del (Three keys together) to get task manager. Find these processes and end task them.
OR
Use the Process Manager in HijackThis:
  • Open HijackThis.
  • Click Open the Misc Tools Section
  • Click Open Process manager, find these programs and kill process the following running processes (Do not worry if they are not there.)
winupdates.exe

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan Place checks next to the following entries (make sure not to miss any):

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {983d75b1-b947-4c4b-a49f-24438a422052} - C:\WINDOWS\system32\jav253.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553572000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O20 - Winlogon Notify: jav253 - jav253.dll (file missing)

These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.

nerocheck.exe is a process associated with the Nero CD writing or Nero CD/DVD software. It is used to install or control the Nero driver nerocd2k.sys application. This process should not be removed while using the Nero CD Writing software. This program constantly checks for known drivers that can conflict with our Nero/Nero Express/NeroVision Express software. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

NvCpl.dll,NvStartup initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

You have NvMcTray.dll,NvTaskbarInit running at Startup. This is a System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself. Item(s) to fix in HijackThis:

O4 ‑ HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" ‑atboottime

There is a small program that will prevent QuickTime from resetting itself.
Please download Engraph-QuickTime-Killer This is a free utility from EnGraph software. For more information about EnGraph, go to www.engraph.com. This application is intended for people that use or consume Sprint Video Mail, as Sprint uses QuickTime for viewing thier movies. (or anybody that hates QuickTime) Of course, as soon as QuickTime is ran, it adds itself to startup, which is very annoying to me. This application will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime.

WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is ‘spyware’, and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it ‘unsolicited’, and since it is installed to raise money for its creators through the built-in ads it is certainly ‘commercial’. So it does meet the definition for ‘parasite’: unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBugand choose one of these alternatives:
Weather Pulse
Weather Watcher
or
Get mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
Weather Street: US Weather
Intellicast
To uninstall WeatherBug:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight WeatherBug, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.
Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

You have Adobe Gamma Loader.exe running at Startup. Adobe Gamma Loader.exe is installed alongside Adobe Creative Studio products and allows the color calibration of your video output device. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. Item(s) to fix in HijackThis:

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

osa.exe or Osa9.exe launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it (Osa9.exe is the Office 2000 variant). This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 ‑ Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

You have reader_sl.exe running at Startup. This is a process associated with the Adobe Reader. It is used to decrease the load time for the reader when a PDF document is selected. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. Item(s) to fix in HijackThis:

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

You have AdobeCollabSync.exe (Adobe Synchronizer)running at Startup. Adobe Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. Item(s) to fix in HijackThis:

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

Dell's MyWay process can be removed to free up resources without compromising system performance. Although not technically malware, it is thought to be bad by many experts and it will bring malware with it. There are safer alternatives available such as the Google toolbar. If you do not use this, I recommend that you remove it. Please follow the Removal instructions. Item(s) to fix in HijackThis:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS

msmsgs.exe (MSN Messenger Internet chat tool) is the main process relating to the MSN Messenger Internet chat tool installed by default on most Windows computers. The Windows Messenger from Microsoft provides Online Chat and Instant Messaging. If you don't use Windows Messenger, you can
  1. Rename the "Messenger" folder.
  2. Uninstall, Stop, Disable or Remove "Windows Messenger".
A tray bar is also installed alongside this process for easy access to its features which include Internet chat, file sharing and audio/video conferencing. This is a non-essential process. Disabling or enabling it is down to user preference. process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

IDriverT.exe (InstallDriver Table Manager) process can be removed to free up resources without compromising system performance. idrivert.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software. This program is not required to start automatically as you can start it manually if you need it. To change to Manual:
  1. Right-click on My Computer and choose Manage.
  2. Expand the Services and Applications section and click on Services.
  3. On the right-side of the screen, find the entry for the service identified in the 023 line of HijackThis and double-click on it.
  4. Change the Startup Type: to Manual.
  5. Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Reboot to Safe Mode ( without networking support !). If you don’t know how to boot in Safe Mode, use this tutorial, How To Start Windows in Safe Mode.

NOTE: To avoid the risk of any of the files or folders not being found due to their having the Hidden attribute, go to My Computer (Windows key+e) Tools > Folder Options > View. Under Advanced Settings > Files and Folders > Hidden files and folders, first make sure that Show hidden files and folders has a dot in the circle before it which indicates that hidden files and folders are visible. If needed, see this tutorial, How to see hidden files in Windows.

Using Windows Explorer, (My Computer (Windows key+e) search for the following files/folders, and DELETE them (Do not worry if they are not there):

C:\WINDOWS\system32\tmp1FE.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp280.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp51B.tmp.dll
C:\Program Files\winupdates

Step 5

Reboot to Normal Mode.

Step 6

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 7

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the logs from AVG Anti-Spyware and the list of filenames and locations for any files that can’t be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
__________________
You don't stop laughing when you get old; you get old when you stop laughing.
suebaby41 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-30-2007, 01:02 PM   #12 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 39
OS: WIN XP PRO


Re: Infected Computer
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:21:15 PM 5/30/2007

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{D5A5A2C7-7C4C-4a60-B507-B62932CE6ADD} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\agentsvr.exe -> Adware.Monker : Cleaned with backup (quarantined).
C:\Documents and Settings\Leigh\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Leigh\Start Menu\Programs\WhenU\Learn More About Save!.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Leigh\Start Menu\Programs\WhenU\Learn More About SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Leigh\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Leigh\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Leigh\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Leigh\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
D:\Leigh\Local Settings\Temporary Internet Files\Content.IE5\CD5RJ5CY\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
:mozilla.880:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.124:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.125:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.240:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.252:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.637:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.774:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.920:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@electronicarts.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@livenation.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@mcclatchy.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@microsoftwlspacesmkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@sixapart.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@starz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@archant.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@mcclatchy.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.27:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.28:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.29:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.455:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.456:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.457:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John\Cookies\john@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John\Cookies\john@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@gatorarcade.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@pan.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@prizeamerica.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Leigh\Local Settings\Temp\Cookies\leigh@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Leigh\Local Settings\Temp\Cookies\leigh@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
D:\Leigh\Cookies\leigh@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
D:\Leigh\Cookies\leigh@lovefreegames.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.25:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.468:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.472:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.474:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.676:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Leigh\Cookies\leigh@axa.addcontrol[1].txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.248:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.35:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.431:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.432:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
D:\Leigh\Cookies\leigh@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.835:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
D:\Leigh\Cookies\leigh@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
D:\Leigh\Cookies\leigh@ad.adocean[1].txt -> TrackingCookie.Adocean : Cleaned.
D:\Leigh\Cookies\leigh@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.191:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.192:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.193:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.260:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.261:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.262:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.263:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.547:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.548:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.549:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.550:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.551:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.552:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.20:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.21:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.520:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.521:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.210:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.211:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.212:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.213:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.214:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.215:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
D:\Leigh\Cookies\leigh@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.519:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.16:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.848:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.153:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.154:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.496:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.213:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.214:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.215:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.478:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.479:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.269:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.504:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.513:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
D:\Leigh\Cookies\leigh@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.267:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.268:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.507:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.508:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.509:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.514:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.87:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.88:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Leigh\Cookies\leigh@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Leigh\Cookies\leigh@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.22:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.28:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.392:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.43:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.212:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.461:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Leigh\Local Settings\Temp\Cookies\leigh@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.100:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.101:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.102:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.149:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.44:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.45:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@com[2].txt -> TrackingCookie.Com : Cleaned.
D:\Leigh\Cookies\leigh@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.65:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\John\Cookies\john@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Leigh\Local Settings\Temp\Cookies\leigh@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.14:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.18:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.309:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Leigh\Cookies\leigh@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.100:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.101:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.102:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.103:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.104:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.105:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.106:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.107:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.108:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.109:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.180:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.181:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.182:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.183:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.184:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.185:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.186:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.187:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.249:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.250:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.251:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.252:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.253:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.254:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.255:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.256:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.257:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.54:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.55:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.56:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.57:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.58:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.59:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.60:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.61:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.62:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.63:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.64:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.65:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.66:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.67:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.68:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.69:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.702:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.70:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.73:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.74:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.750:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.75:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.76:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.77:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.78:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.79:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.80:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.81:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.82:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.837:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.838:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.839:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.83:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.840:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.841:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.842:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.843:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.84:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.85:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.86:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.87:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.88:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.89:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.90:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.91:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.929:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.92:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.93:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.945:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.94:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.95:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.96:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.97:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.98:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.99:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wfk4enc5iep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wfkigidjehp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wgkiakcjgeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wgkocjazglp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wgkosldzigp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wjlikkcjskp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wjliupazkcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wjlycocjodo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wjnyaid5eho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wjnyanajodp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wjnycicjwlq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@e-2dj6wjnyokajchq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Leigh\Cookies\leigh@stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.163:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.164:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.165:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.166:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.167:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.34:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.35:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.458:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.826:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.60:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.138:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.139:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.140:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.141:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.142:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.143:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.144:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:D:\Leigh\Application Data\Netscape\NSB\Profiles\rmqam2rb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.442:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.443:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
D:\Leigh\Cookies\leigh@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned.
D:\Leigh\Cookies\leigh@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.
D:\Leigh\Cookies\leigh@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.228:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.261:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.262:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.244:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.245:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.246:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.383:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.384:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.385:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.386:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.388:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.446:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.447:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.449:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.450:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.452:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.453:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.492:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.531:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.537:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.645:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.646:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.647:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.648:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.734:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.736:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.780:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.781:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.807:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.809:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.823:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.892:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.917:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.918:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@ehg-globalgamingleague.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@ehg-theviptour.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@ehg-ti.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-advanceauto.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-alkemi.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-autodesk.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-autozone.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-inforspaceinc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-legacy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-medstarhealth.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-nestlepurinapetcare.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-oreilly.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-rr.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-win2000mag.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Leigh\Cookies\leigh@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
D:\Leigh\Cookies\leigh@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.131:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.132:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.188:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.189:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.292:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.293:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.500:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.711:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
:mozilla.931:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned.
D:\Leigh\Cookies\leigh@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@search.live[1].txt -> TrackingCookie.Live : Cleaned.
:mozilla.878:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.879:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
D:\Leigh\Cookies\leigh@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.174:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@search.msn[3].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
D:\Leigh\Cookies\leigh@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
D:\Leigh\Cookies\leigh@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@valueclick.ne[1].txt -> TrackingCookie.Ne : Cleaned.
:mozilla.767:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
D:\Leigh\Cookies\leigh@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
D:\Leigh\Cookies\leigh@oewabox[1].txt -> TrackingCookie.Oewabox : Cleaned.
:mozilla.630:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.631:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.632:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.633:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.171:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.172:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.309:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.310:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.39:C:\Documents and Settings\Leigh\Application Data\Mozilla\Firefox\Profiles\sz44656i.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.62:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.63:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.64:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.739:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John\Cookies\john@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.235:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.312:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.325:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.532:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Leigh\Local Settings\Temp\Cookies\leigh@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
D:\Leigh\Cookies\leigh@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.311:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.312:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.313:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.314:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.38:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.39:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.39:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.40:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.41:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.42:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\John\Cookies\john@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.174:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.175:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.277:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.278:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.335:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.336:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\John\Cookies\john@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.176:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Real : Cleaned.
D:\Leigh\Cookies\leigh@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
:mozilla.194:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.195:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.196:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.197:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.294:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.295:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.296:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.297:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.298:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.299:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.300:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.301:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.347:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.348:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.349:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.350:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.351:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.352:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\John\Cookies\john@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.716:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.768:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.769:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.100:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.101:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.102:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.103:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.104:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.105:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.108:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.109:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.110:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.111:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.112:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.113:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.114:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.361:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.362:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.363:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.364:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.365:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.366:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.367:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.67:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.69:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.91:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.95:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.96:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.98:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.99:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.115:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.116:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.117:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.118:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.148:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.407:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.408:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.409:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.7:D:\Leigh\Application Data\Mozilla\Profiles\default\2iwuukx5.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.8:D:\Leigh\Application Data\Mozilla\Profiles\default\2iwuukx5.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.9:D:\Leigh\Application Data\Mozilla\Profiles\default\2iwuukx5.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.376:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.377:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.378:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.379:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.380:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.41:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.42:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.43:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.44:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.45:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.46:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.497:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.498:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.499:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.500:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.501:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.502:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.503:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.86:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.321:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.322:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.323:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.324:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.328:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.33:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.34:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.386:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.387:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.388:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.389:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.38:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.390:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.441:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
D:\Leigh\Cookies\leigh@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.776:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.777:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.778:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
D:\Leigh\Cookies\leigh@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
D:\Leigh\Cookies\leigh@starware[2].txt -> TrackingCookie.Starware : Cleaned.
D:\Leigh\Cookies\leigh@www.starware[1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.271:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.391:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.581:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.582:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.583:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.584:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.585:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.586:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.587:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.588:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.589:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.590:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.591:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.592:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.593:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.594:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.595:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.596:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.597:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.598:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.599:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.600:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.601:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt ->
dark_shard is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-30-2007, 01:02 PM   #13 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 39
OS: WIN XP PRO


Re: Infected Computer
TrackingCookie.Statcounter : Cleaned.
:mozilla.602:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.603:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.604:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.270:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.304:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.305:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.306:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.307:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.393:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.394:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.395:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.396:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.397:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.469:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.470:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.518:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.74:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.75:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.76:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
D:\Leigh\Cookies\leigh@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
D:\Leigh\Cookies\leigh@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.379:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.380:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.381:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.407:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.408:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.409:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.410:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.411:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.412:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.413:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.193:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.21:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.417:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.355:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.356:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.357:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.358:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.359:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.279:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.467:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Cleaned.
D:\Leigh\Cookies\leigh@affiliates.x10[1].txt -> TrackingCookie.X10 : Cleaned.
C:\Documents and Settings\Leigh\Cookies\leigh@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
D:\Leigh\Cookies\leigh@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.16:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.210:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.211:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.285:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.286:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.287:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.288:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.289:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.290:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.291:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.448:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.449:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.450:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.451:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.452:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.453:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt ->TrackingCookie.Yieldmanager : Cleaned.
:mozilla.454:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\s83xkw07.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Leigh\Application Data\Mozilla\Firefox\Profiles\sz44656i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Leigh\Application Data\Mozilla\Firefox\Profiles\sz44656i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\Leigh\Cookies\leigh@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.12:C:\Documents and Settings\Leigh\Application Data\Mozilla\Firefox\Profiles\sz44656i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.13:C:\Documents and Settings\Leigh\Application Data\Mozilla\Firefox\Profiles\sz44656i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.14:C:\Documents and Settings\Leigh\Application Data\Mozilla\Firefox\Profiles\sz44656i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.155:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.156:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.157:C:\Documents and Settings\Mom and Dad\Application Data\Netscape\NSB\Profiles\g6o86nio.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.15:C:\Documents and Settings\Leigh\Application Data\Mozilla\Firefox\Profiles\sz44656i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.16:C:\Documents and Settings\Leigh\Application Data\Mozilla\Firefox\Profiles\sz44656i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.338:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.339:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.340:C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\l0xwihpe.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
dark_shard is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-30-2007, 01:03 PM   #14 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 39
OS: WIN XP PRO


Re: Infected Computer
Deckard's System Scanner v20070411.38
Run by John on 2007-05-30 at 15:56:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:57:04 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mom and Dad\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\John.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mp3: C:\Program Files\Netscape\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105162440937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125198812084
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


-- Files created between 2007-04-30 and 2007-05-30 -----------------------------

2007-05-30 12:37:56 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-30 12:05:33 0 d-------- C:\Program Files\Common Files\Java
2007-05-28 04:13:38 1294336 --a------ C:\Documents and Settings\Owner\ntuser.dat
2007-05-28 04:13:37 786432 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-05-25 23:26:45 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\Audacity
2007-05-25 23:25:18 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)<AUDACI~1.3BE>
2007-05-17 18:17:13 0 d-------- C:\Program Files\SystemRequirementsLab<SYSTEM~1>
2007-05-17 18:17:01 0 d-------- C:\Documents and Settings\John\Application Data\SystemRequirementsLab<SYSTEM~1>
2007-05-15 19:17:35 0 d-------- C:\Program Files\SlySoft
2007-05-11 11:28:18 0 d-------- C:\Program Files\Alcohol Soft<ALCOHO~1>
2007-05-11 11:22:06 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-05-09 22:17:11 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2<MICROS~1.2>
2007-05-09 22:07:14 0 d-------- C:\bb28d06c320b2730cdd58d4f<BB28D0~1>
2007-05-09 18:01:24 0 d-------- C:\Documents and Settings\Leigh\Application Data\InstallShield<INSTAL~1>
2007-05-08 15:13:05 49152 --a------ C:\WINDOWS\system32\vfind.exe
2007-05-08 15:13:05 428032 --a------ C:\WINDOWS\system32\swreg.exe
2007-05-08 15:13:05 49152 --a------ C:\WINDOWS\nircmd.exe
2007-05-08 15:13:05 86528 --a------ C:\WINDOWS\catchme.exe
2007-05-08 15:13:04 212480 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-05-08 15:13:04 370688 --a------ C:\WINDOWS\system32\swsc.exe
2007-05-08 15:13:04 38400 --a------ C:\WINDOWS\system32\moveex.exe
2007-05-08 10:27:15 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-05-03 12:28:06 0 d-------- C:\WINDOWS\system32\VirtualExpander<VIRTUA~1>
2007-05-03 11:54:38 0 d-------- C:\Documents and Settings\Mom and Dad\Incomplete<INCOMP~1>
2007-05-03 11:54:27 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\LimeWire
2007-05-02 13:42:57 0 d-------- C:\Documents and Settings\Leigh\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2007-05-28 2042 19368 --a------ C:\WINDOWS\mozver.dat
2007-05-17 18:31:24 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~1.DLL>
2007-04-22 21:34:24 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-22 21:29:32 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-18 12:12:24 2854400 --a------ C:\WINDOWS\system32\msi.dll
2007-04-17 16:10:40 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-16 16:15:28 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-13 18:27:52 0 d-------- C:\Documents and Settings\John\Application Data\Lavasoft
2007-04-06 14:54:30 35430 --a------ C:\WINDOWS\DIIUnin.dat
2007-04-06 14:52:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-04-06 14:52:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-04-06 14:52:46 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-04-06 14:44:42 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-04-06 14:44:42 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-03-30 16:25:56 0 d-------- C:\Program Files\iWin.com
2007-03-22 16:47:36 46344 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE>
2007-03-17 09:43:02 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 14:57:48 4 --a------ C:\WINDOWS\system32\6A54FE


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkVwMon.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="NkVwMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="c:\\program files\\hewlett-packard\\hpis\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="c:\\program files\\common files\\viewpoint\\toolbar runtime\\3.7.0\\fotomatdeviceconnect.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-30 at 15:58:01 ---------
dark_shard is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-31-2007, 12:42 PM   #15 (permalink)
Registered User
 
suebaby41's Avatar
 
Join Date: Nov 2004
Posts: 159
OS: WINXP


Re: Infected Computer
Your log appears to be clean. Please advise me of any problems you still have. Please respond to this thread one more time so we can mark this thread as resolved. Thanks.

Tools Downloaded To Clean Your Computer
I asked you to install some tools. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:
  1. Click Start > Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight the program, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.
Optional Tools:
  1. Ad-Aware SE Personal Edition scans, detects, and removes spyware on your computer.
  2. ATF-Cleaner features include:
    • Cleaning of all user temp folders, administrator only can use this feature.
    • Cleaning of the Java cache, which seems to be harboring more and more malware.
    • Cleaning the cache, cookies, history, download history, visited links and saved passwords.
  3. AVG Anti-Spyware is a good scanner to use. This will auto update for the trial period of 30 days. Afterwards, you will need to update manually before scanning. Scan weekly if you have high Internet use.
  4. HijackThis may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.
Restore the default settings for files/folders..
  1. Go to My Computer.
  2. Select the Tools menu and click Folder Options.
  3. Click the View tab.
  4. Under Advanced Settings, click the Restore Defaults button in the lower right corner.
  5. Click Apply and then the OK and close My Computer.
Please take the time to read my All Clean Post. .
Please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function For Windows XP.
    Files placed in the System volume information folder are source files for the System Restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    1. Close all open programs. Then right-click My Computer on the Windows desktop
    2. Click on Properties.
    3. Click on the System Restore tab.
    4. Check Turn off System Restore on all drives.
    5. Restart the system.
    6. Enable System Restore by going through the first four steps again and uncheck the item mentioned in Step D.
    7. You can find instructions on how to disable and enable system restore in the Windows XP System Restore Guide.
  2. Make your Internet Explorer more secure: This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    5. When all these settings have been made, click on the OK button.
    6. If it asks you if you want to save the settings, press the Yes button.
    7. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use IE-SPYAD: Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. Program is free and is updated about once a month. Please follow readme instructions for install; it is a little different. Single user PC use IE Spyad1. Multi user XP PC use IE Spyad2.
  4. Use a Firewall: - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  5. Use An Antivirus Software and Keep It Updated: - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
    Computer Safety On line - Anti-Virus
  6. Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  7. You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  8. You should scan your computer with Ad-Aware as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
  9. Install SpywareBlaster: SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  10. Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button on the task bar at the bottom of your screen
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then doubleclick it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click OK.
  11. Use an alternative instant messenger program:.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  12. Please read Tony Klein's excellent article: How I got Infected in the First Place
  13. Please read Understanding Spyware, Browser Hijackers, and Dialers
  14. Please read Simple and easy ways to keep your computer safe and secure on the Internet.
  15. If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera . Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (You can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed.), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and Special features such as Full-screen mode, Kiosk mode.
  16. Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  17. If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!
__________________
You don't stop laughing when you get old; you get old when you stop laughing.
suebaby41 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 06-14-2007, 11:28 AM   #16 (permalink)
Registered User
 
suebaby41's Avatar
 
Join Date: Nov 2004
Posts: 159
OS: WINXP


Re: Infected Computer
This subject is now closed. If you need this topic reopened, please PM a member of the TSF Security Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic. Please reply to this thread. If your problem has been resolved, please let us know. Thanks.
__________________
You don't stop laughing when you get old; you get old when you stop laughing.
suebaby41 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 06:04 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84