Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log


  • This topic is locked This topic is locked
13 replies to this topic

#1 skeney

skeney

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:06:39 PM

Posted 05 August 2007 - 06:45 PM

Hi guys,

I did a system scan with HJT 'cause all of a sudden today IE is very slow and I am getting pop ups about security levels ... pls help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:08 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Everyone Else\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O1 - Hosts: 64.200.25.145 gator.com #cooklop
O1 - Hosts: 64.200.25.145 www.gator.com #cooklop
O1 - Hosts: 64.200.25.145 www.doubleclick.net #cooklop
O1 - Hosts: 64.200.25.145 tripod.com #cooklop
O1 - Hosts: 64.200.25.145 www.tripod.com #cooklop
O1 - Hosts: 64.200.25.145 adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 www.adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 cj.com #cooklop
O1 - Hosts: 64.200.25.145 www.cj.com #cooklop
O1 - Hosts: 64.200.25.145 paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 www.paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 www.worldsex.com #cooklop
O1 - Hosts: 64.200.25.145 free6.com #cooklop
O1 - Hosts: 64.200.25.145 trafficmp.com #cooklop
O1 - Hosts: 64.200.25.145 www.trafficmp.com #cooklop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\dssagent.exe
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VirusProtectPro 3.6] "C:\Program Files\VirusProtectPro 3.6\VirusProtectPro 3.6.exe" /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002112...all/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E2404D-467E-4BAA-925B-5676127C71EF}: NameServer = 167.206.3.212,167.206.3.211
O22 - SharedTaskScheduler: exultet - {4f5f16ef-af9d-4fe6-8410-f0670b58979d} - C:\WINDOWS\system32\gusur.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9758 bytes

BC AdBot (Login to Remove)

 


#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:39 AM

Posted 05 August 2007 - 11:53 PM

Hello skeney :thumbsup:

Please download HostsXpert.zip:
  • Unzip HostsXpert to a convenient folder such as C:\HostsXpert.
  • Run HostsXpert.exe from its new home.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts File and then click OK.
  • Click the X to exit the program.
====

Next, please download RogueRemover and save it to your desktop.

Run the installer and start the program. Select "Scan" and follow the prompts. If there is a option to save the log, please do so. It may ask you to reboot on completion. It should produce a log of rogue software that it finds; please post that.

If you cannot find the log, it should be in the folder C:\Program Files\RogueRemover

Post the contents of the log aswell as a fresh HijackThis log in your next reply.
Hi there, stranger!

#3 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:06:39 PM

Posted 06 August 2007 - 07:01 AM

Here I was thinking I was doing so well following your instructions and then I go ahead and remove whatever the RogueRemover found (which was like 7 things) and didn't save a log ... but also didn't see the option too. Sorry !! :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:26 AM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Everyone Else\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\dssagent.exe
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VirusProtectPro 3.6] "C:\Program Files\VirusProtectPro 3.6\VirusProtectPro 3.6.exe" /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002112...all/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E2404D-467E-4BAA-925B-5676127C71EF}: NameServer = 167.206.3.212,167.206.3.211
O22 - SharedTaskScheduler: exultet - {4f5f16ef-af9d-4fe6-8410-f0670b58979d} - C:\WINDOWS\system32\gusur.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8620 bytes

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:39 AM

Posted 06 August 2007 - 07:12 AM

Hello again, lets continue :flowers:

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you aren't able to finish the update within AVG Anti-Spyware for a reason or another, you can install the manual updates here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Close AVG Anti-Spyware, DO NOT run a scan just yet, we will shortly.

Through Add/Remove Programs list, under Control Panel, please uninstall the following entry if found:

VirusProtectPro 3.6 (or just VirusProtectPro)

Then, please navigate to and delete the following folder if found:

C:\Program Files\VirusProtectPro

Finally, run a scan with HijackThis and check the following objects for removal if found:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O4 - HKLM\..\Run: [VirusProtectPro 3.6] "C:\Program Files\VirusProtectPro\VirusProtectPro 3.6.exe" /h
O22 - SharedTaskScheduler: exultet - {4f5f16ef-af9d-4fe6-8410-f0670b58979d} - C:\WINDOWS\system32\gusur.dll


Close ALL other open windows but HijackThis and hit FIX CHECKED. Exit HijackThis.

=====

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
  • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware, reboot your system back into Normal Mode and post back with the AVG Anti-Spyware results aswell as a fresh HijackThis log. :thumbsup:

Hi there, stranger!

#5 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:06:39 PM

Posted 06 August 2007 - 08:37 AM

:thumbsup: Ok, so ... I did the AVG thing, I couldn't find VirusProtectPro (although it sounds familiar) and I did the scan with Hijack This and deleted the 3 errors. For the life of me, I cannot restart the computer in safe mode. I have done it a million times on other PC's but can't on this one ... I'm on an IBM running Windows XP, any other way I can do it ?

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:39 AM

Posted 06 August 2007 - 08:42 AM

Yes. Click Start -> Run and type in: msconfig

Under BOOT.INI -tab, check the /SAFEBOOT (Minimal) box. Click Apply and reboot into Safe Mode. Once you are finished with the AVG scan, revert the boot back to normal -> under BOOT.INI -tab, uncheck the box next to /SAFEBOOT, click Apply then simply reboot back into regular Windows. :thumbsup:
Hi there, stranger!

#7 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:06:39 PM

Posted 06 August 2007 - 11:04 AM

Ew. That took 2 hours. I'm not a patient person, hehe. :thumbsup: Here are both the logs ...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:00:15 PM 8/6/2007

+ Scan result:



C:\System Volume Information\_restore{B23C16D1-DB97-4E10-A0E9-420C4B070C34}\RP1308\A0074734.ini -> Adware.Qworke : Cleaned.
C:\Documents and Settings\Everyone Else\Local Settings\Temporary Internet Files\Content.IE5\R42J8NOP\poicxvnewuoiwwqdws[1].htm -> Downloader.Agent.gx : Cleaned.
C:\Documents and Settings\Everyone Else\Local Settings\Temporary Internet Files\Content.IE5\R42J8NOP\oiewuroiwuexzc[1].htm -> Dropper.Small.j : Cleaned.
C:\Documents and Settings\Everyone Else\Local Settings\Temporary Internet Files\Content.IE5\L3Y3Y1PE\movie[1].qtl -> Not-A-Virus.Exploit.Multi.Qtp.b : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@harpo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00028907.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00028909.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00028910.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029787.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029789.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029791.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029793.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029795.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029796.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029797.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029798.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029799.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029801.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029802.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029803.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029804.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029805.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029806.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029807.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029809.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00029188.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029189.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029190.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029191.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029192.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029193.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029194.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029195.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029196.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029197.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029198.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029199.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029200.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029201.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029202.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029203.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029204.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029205.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\RECYCLER\NPROTECT\00029206.TXT -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\RECYCLER\NPROTECT\00029539.TXT -> TrackingCookie.Adrevolver : Cleaned.
C:\RECYCLER\NPROTECT\00029540.TXT -> TrackingCookie.Adrevolver : Cleaned.
C:\RECYCLER\NPROTECT\00029542.TXT -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00028908.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00028911.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029380.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029381.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029382.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029384.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029385.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029386.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029394.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029395.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029396.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029399.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029418.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029419.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029420.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029423.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029545.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029546.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029547.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029548.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029788.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029792.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029794.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029808.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00029810.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028885.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028886.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028887.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028897.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028898.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028899.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028900.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028901.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028990.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028991.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028992.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028993.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00028994.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029003.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029004.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029005.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029006.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029007.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029021.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029022.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029023.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029024.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029025.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029027.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029028.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029029.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029030.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029031.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029034.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029035.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029036.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029037.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029038.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029047.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029048.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029049.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029050.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029051.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029057.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029058.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029059.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029060.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029061.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029070.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029071.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029072.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029073.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029074.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029076.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029077.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029078.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029079.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029080.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029086.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029087.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029088.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029089.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029090.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029106.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029107.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029108.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029109.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029110.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029124.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029125.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029126.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029127.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029128.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029130.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029131.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029132.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029133.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029134.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029136.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029137.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029138.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029139.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029140.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029147.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029148.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029149.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029150.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029151.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029154.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029155.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029156.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029157.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029158.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029159.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029160.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029165.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029166.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029167.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029168.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029169.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029207.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029208.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029209.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029210.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029227.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029228.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029229.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029230.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029231.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029371.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029372.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029373.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029374.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029375.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029403.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029404.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029405.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029406.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029407.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029450.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029451.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029452.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029453.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029454.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029459.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029460.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029461.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029462.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029463.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029467.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029468.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029469.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029470.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029471.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029474.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029475.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029476.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029477.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029478.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029482.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029483.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029484.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029485.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029486.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029491.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029492.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029493.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029494.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029495.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029501.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029502.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029503.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029504.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029505.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029698.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029699.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029700.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029701.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029702.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029712.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029713.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029714.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029715.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029716.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029740.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029741.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029742.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029743.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029744.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029762.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029763.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029764.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029765.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029766.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029821.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029822.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029823.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029824.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029825.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029835.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029836.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029837.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029838.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029839.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029849.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029850.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029851.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029852.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029853.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029860.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029861.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029862.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029863.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029864.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029886.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029887.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029888.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029889.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029890.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029903.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029904.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029905.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029906.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029907.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029913.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029914.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029915.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029916.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029917.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029965.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029966.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029967.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029968.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029969.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029975.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029976.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029977.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029978.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029979.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029986.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029987.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029988.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029989.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\NPROTECT\00029990.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029358.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029359.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029360.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029363.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029364.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029365.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029414.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029664.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029665.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029666.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029667.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029668.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029669.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029670.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029672.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029673.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029674.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029675.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029677.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029678.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029732.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029733.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029768.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029769.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029770.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029771.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029779.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029780.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029785.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029786.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029933.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\NPROTECT\00029934.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@ehg-rodale.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\NPROTECT\00029409.TXT -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029772.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029773.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029774.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029775.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029776.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029777.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029778.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029782.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029783.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00029784.TXT -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00029628.TXT -> TrackingCookie.Realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00029721.TXT -> TrackingCookie.Realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00029725.TXT -> TrackingCookie.Realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00029753.TXT -> TrackingCookie.Realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00029927.TXT -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00028968.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00028969.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00028970.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00028971.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00028972.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\RECYCLER\NPROTECT\00029179.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029216.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029222.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029224.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029242.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029248.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029251.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029253.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029256.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029258.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029260.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029262.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029264.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029266.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029269.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029271.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029273.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029275.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029277.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029279.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029282.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029284.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029286.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029288.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029290.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029292.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029294.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029296.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029299.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029301.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029303.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029306.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029308.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029310.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029313.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029315.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029317.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029319.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029322.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029324.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029326.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029328.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029330.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029332.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029335.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029337.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029339.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029341.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029343.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029346.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029348.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029350.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029352.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029354.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029411.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00029413.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00028890.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00028891.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00028892.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00028893.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00028894.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00028902.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00028903.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00028904.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00028905.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029013.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029014.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029015.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029016.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029426.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029427.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029428.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029429.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029444.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029445.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029446.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029447.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029510.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029511.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029512.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029513.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029521.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029522.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029523.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029525.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029616.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029617.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029618.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029619.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029622.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029623.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029624.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\NPROTECT\00029625.TXT -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\NPROTECT\00029536.TXT -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Everyone Else\Cookies\everyone_else@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00028995.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00028996.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00028997.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00028998.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029008.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029009.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029010.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029011.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029012.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029039.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029040.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029041.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029042.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029043.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029044.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029052.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029053.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029054.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029055.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029062.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029063.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029064.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029065.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029081.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029082.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029083.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029084.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029091.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029092.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029093.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029094.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029111.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029112.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029113.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029114.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029141.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029142.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029143.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029144.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029145.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029175.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029176.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029177.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029178.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029180.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029181.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029182.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029183.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029184.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029211.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029212.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029213.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029214.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029215.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029217.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029218.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029219.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029220.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029221.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029233.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029234.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029235.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029236.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029238.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029239.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029240.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029241.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029243.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029244.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029245.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029246.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029247.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029682.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029683.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029684.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029685.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029686.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029687.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029688.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029690.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029691.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029692.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029693.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029694.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029695.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029705.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029706.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029707.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029708.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029748.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029749.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029750.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029840.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029841.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029842.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029843.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029854.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029855.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029856.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029857.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029858.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029865.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029866.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029867.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029868.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029872.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029873.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029874.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029875.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029880.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029881.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029882.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029883.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029884.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029898.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029899.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029900.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029901.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029908.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029909.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029910.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029911.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029918.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029919.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029920.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029921.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029922.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029928.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029929.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029930.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029931.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029935.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029936.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029937.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029938.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029939.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029943.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029944.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029945.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029951.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029952.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029953.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029954.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029970.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029971.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029972.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029973.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029980.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029981.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029982.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029983.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029984.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029991.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029992.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029993.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029994.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00029995.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Becks\Cookies\becks@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:48 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Everyone Else\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\dssagent.exe
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002112...all/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E2404D-467E-4BAA-925B-5676127C71EF}: NameServer = 167.206.3.212,167.206.3.211
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7948 bytes

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:39 AM

Posted 06 August 2007 - 11:50 AM

How's the system running? :thumbsup: Still having issues?

Go ahead and uninstall AVG Anti-Spyware if you want.
Hi there, stranger!

#9 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:06:39 PM

Posted 06 August 2007 - 11:53 AM

It seems fine now ... my logs look ok ?

THANK YOU ! :thumbsup:

#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:39 AM

Posted 06 August 2007 - 12:22 PM

One final check :thumbsup:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Hi there, stranger!

#11 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:06:39 PM

Posted 06 August 2007 - 12:26 PM

Deckard's System Scanner v20070804.61
Run by Everyone Else on 2007-08-06 at 13:23:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2007-08-06 17:23:43 UTC - RP1311 - Deckard's System Scanner Restore Point
75: 2007-08-06 13:25:45 UTC - RP1310 - Removed Google Toolbar for Internet Explorer
74: 2007-08-06 01:45:21 UTC - RP1309 - System Checkpoint
73: 2007-08-05 01:33:51 UTC - RP1308 - System Checkpoint
72: 2007-08-04 00:20:56 UTC - RP1307 - System Checkpoint


-- First Restore Point --
1: 2007-05-24 08:19:04 UTC - RP1236 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Everyone Else.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:17 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Everyone Else\Desktop\dss.exe
C:\DOCUME~1\EVERYO~1\Desktop\Everyone Else.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBStore\DSS\dssagent.exe
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002112...all/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E2404D-467E-4BAA-925B-5676127C71EF}: NameServer = 167.206.3.212,167.206.3.211
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7745 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>

S3 EGATHDRV (IBM eGatherer Diagnostics) - c:\windows\system32\egathdrv.sys
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 usbu2a - c:\windows\system32\drivers\usbu2a.sys <Not Verified; USB Compliance; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Belkin 54g Wireless USB Network Adapter Service (Belkin 54g Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe
R2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\5&B71CB80&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\5&B71CB80&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2007-08-02 22:57:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-06 and 2007-08-06 -----------------------------

2007-08-06 09:23:17 0 d-------- C:\Documents and Settings\Everyone Else\Application Data\Grisoft
2007-08-06 09:23:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-06 07:57:38 0 d-------- C:\Program Files\RogueRemover FREE
2007-08-05 12:29:49 0 d-------- C:\Program Files\Spyware Doctor
2007-08-05 12:29:49 0 d-------- C:\Documents and Settings\Everyone Else\Application Data\PC Tools
2007-08-05 12:26:43 13 --a------ C:\WINDOWS\ASSE.dat
2007-08-05 12:26:29 0 d-------- C:\Program Files\AdWare SpyWare SE
2007-08-05 12:22:10 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2007-08-06 09:25:51 0 d-------- C:\Program Files\Google
2007-07-27 08:25:38 8704 --a-s---- C:\WINDOWS\system32\gusur.dll
2007-07-27 08:25:37 0 d-------- C:\Program Files\Java
2007-07-17 15:09:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-14 22:42:54 0 d-------- C:\Documents and Settings\Everyone Else\Application Data\ICQ


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" []
"DSS"="C:\WINDOWS\BBStore\DSS\dssagent.exe" []
"UC_SMB"="" []
"Tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [11/07/2001 06:50 AM]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [06/07/2002 06:54 PM]
"PROMon.exe"="PROMon.exe" [04/18/2002 10:32 PM C:\WINDOWS\system32\PROMon.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/01/2004 12:02 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/01/2004 11:58 AM]
"EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [03/04/2004 04:00 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/26/2007 12:45 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 2:06:58 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [7/21/2005 3:30:15 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - NMSCFG



-- End of Deckard's System Scanner: finished at 2007-08-06 at 13:26:09 ---------



Deckard's System Scanner v20070804.61
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 509.98 MiB / 243.52 MiB
Pagefile Memory (total/avail): 1248.74 MiB / 962.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.08 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 35.91 GiB total, 5.29 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: Norton AntiVirus v2002 (Symantec Corporation) Disabled Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Everyone Else\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BASEMENT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Everyone Else
LOGONSERVER=\\BASEMENT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\EVERYO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\EVERYO~1\LOCALS~1\Temp
USERDOMAIN=BASEMENT
USERNAME=Everyone Else
USERPROFILE=C:\Documents and Settings\Everyone Else
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

ilise bernstein (admin)
Everyone Else (admin)
Becks (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D World Atlas --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Xamba Software\3DWA\Uninst.isu"
Access IBM --> MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat Reader 3.01 --> C:\WINDOWS\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AdWare SpyWare SE --> "C:\Program Files\AdWare SpyWare SE\unins000.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AirPort --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BF943523-E0EF-4658-A3CC-D8AD0905E56F}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1033
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E73534D5-CC93-4C63-9072-5A9734255C74}
Canon EOS Kiss_N REBEL_XT 350D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}
Canon PhotoRecord --> MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities Digital Photo Professional 1.6.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{789CF5F1-3326-4B7B-9D01-31047E0F5651}
Canon Utilities EOS Capture 1.3 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{16480125-0428-4097-9A2A-74464004D169}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen MicroPhoto --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AEC8F41-4701-415D-9782-F69CFB535463}\SETUP.EXE" -l0x9 /remove
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON CX4600 Reference Guide --> C:\Program Files\epson\guide\cx4600_e\uninstall.exe
EPSON PhotoStarter3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x9 -anything
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Everyone Else\Local Settings\Temp\HijackThis.exe" /uninstall
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
I Love Math! --> C:\WINDOWS\Uninst.exe -r"DK Multimedia\I Love Math!\1.0.4.0" -n"I Love Math!" -fC:\PROGRA~1\DKMULT~1\ILOVEM~1\DeIsL1.isu -cC:\PROGRA~1\DKMULT~1\ILOVEM~1\uninst.dll
IBM Access Support --> wscript "C:\Program Files\Support.com\bin\uninstall.vbs" -uninstall -release1
IBM Rapid Restore PC Setup --> MsiExec.exe /X{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}
IBM Update Connector --> MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
iPod for Windows 2005-06-26 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FE7A3FE1-AF76-44FD-BC70-09868A51887A} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' RogueRemover 1.21 --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
O2M 2.0 (Outlook 2002/2003/XP) --> "C:\Program Files\O2M\unins000.exe"
Print Lab Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D87D6386-3C2D-4239-9780-3418FB7B0E94}\Setup.exe" -l0x9 anything
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Scholastic's I SPY School Days --> C:\PROGRA~1\SCHOLA~1\ISPYSC~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSC~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Solero Music Viewer --> "C:\Program Files\FreeHand Systems\Solero\unins000.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
SpywareBlaster v3.4 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Support.com Software --> "C:\Program Files\Support.com\bin\tgfix.exe" /rm /nq
Uninstall PC-Doctor --> C:\PROGRA~1\PC-DOC~1\AdminCheck.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WeatherBug --> C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event ID #221: Error
Event Submitted/Written: 08/05/2007 07:29:39 PM
Event Source: Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16473, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #220: Error
Event Submitted/Written: 08/05/2007 05:45:17 PM
Event Source: Application Hang
Event Description:
Fault bucket 431401983.

Event ID #219: Error
Event Submitted/Written: 08/05/2007 05:44:15 PM
Event Source: Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16473, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #218: Error
Event Submitted/Written: 08/05/2007 00:57:24 PM
Event Source: Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16473, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #217: Error
Event Submitted/Written: 08/05/2007 00:56:13 PM
Event Source: Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16473, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #31715: Error
Event Submitted/Written: 08/06/2007 00:02:55 PM
Event Source: Server
Event Description:
The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.

Event ID #31695: Warning
Event Submitted/Written: 08/06/2007 00:02:22 PM
Event Source: Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{968F8606-74BF-41C6-B240-7A8BB61A6BA4}.

Event ID #31691: Warning
Event Submitted/Written: 08/06/2007 00:01:51 PM / 08/06/2007 00:02:21 PM
Event Source: E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event ID #31687: Error
Event Submitted/Written: 08/06/2007 00:01:08 PM
Event Source: DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event ID #31686: Error
Event Submitted/Written: 08/06/2007 00:00:27 PM
Event Source: DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2007-08-06 at 13:26:09 ---------

#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:39 AM

Posted 06 August 2007 - 01:26 PM

Looks good :thumbsup:

Delete the following file:

C:\WINDOWS\system32\gusur.dll

Empty recycle bin.

====

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here's some tips for future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known adsites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have. (Note to only use 1 at-the-time)
  • Firewall <= A firewall is definitely a must have. Two good free versions are Kerio Personal Firewall and ZoneLabs. (Note to only use 1 at-the-time)
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice:
So how did I get infected in the first place?
Hi there, stranger!

#13 skeney

skeney
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island, New York
  • Local time:06:39 PM

Posted 06 August 2007 - 01:53 PM

Kiitti :thumbsup:

#14 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:39 AM

Posted 07 August 2007 - 03:16 AM

Kiitti :thumbsup:

:D Trying finnish?

Ole hyvä.

Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread. :flowers:
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users