Pop-ads & Very Slow Computer! >.<



#1 chriscwirla

Posted 04 September 2006 - 12:46 AM

I was hoping I'd never have to use the HJT Team personal time again or have to worry about dealing with these bad situations but apparently I have to & I'm so sorry >.<. I'm infected with something nasty (hopefully small) pop-up thing & I come to you guys with my hands open to please help me with this infectious pest!! I've tried Ad-aware & currently up-to-date.. Don't know what to do =( Please help!!

Logfile of HijackThis v1.99.1
Scan saved at 12:45:23 AM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsw5F.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109546001390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130884360453
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37320.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


 


#2 rookie147

Posted 04 September 2006 - 03:11 AM

Hello chriscwirla, and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please take note of the following:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 rookie147

Posted 04 September 2006 - 05:30 AM

Hello chriscwirla, sorry for the delay in getting back to you.

======

Please allow 'On-Access scanning' for only one antivirus program.

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running.
The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine.

After you've decided which Antivirus program should do what, and set them accordingly, continue with the fix.

======

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update succesfull message.
    Note: If the Update now option is grayed out, follow the steps below.
  • Click on Update on the toolbar.
  • Under Manual update, click on the Start Update button.
  • Wait until you see the Update succesfull message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsw5F.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

======

Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.

======

Next, please find and delete the following files/folders (if present):

C:\WINDOWS\system32\nsw5F.dll <--This file

======

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
======

Reboot into Normal Mode.

======

Then please post back with:
-A new Hijackthis log
-Ewido log
-How is the computer running now?

Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
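
The fix above asks for a new HijackThis log afterwards. As an added example (not part of the original posts), this Python sketch compares a before and an after log against the list of checked entries and reports what was removed, what is still present, and which autostart entries are new. The function names and result keys are this example's own; the log lines are short excerpts from the logs in this thread.

```python
import re

# A HijackThis entry is "<section> - <text>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Map a normalised (section, body) key to the original log line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            # Windows paths and CLSIDs are case-insensitive, so compare
            # case-folded text with runs of whitespace collapsed.
            body = " ".join(match.group("body").split()).casefold()
            entries[(match.group("section"), body)] = line
    return entries


def check_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    b, a, w = set(before), set(after), set(wanted)
    return {
        # Fix-list entries that were in the first log and are gone now.
        "removed": sorted(wanted[k] for k in (w & b) - a),
        # Fix-list entries that survived the fix (removal failed or was undone).
        "still_present": sorted(wanted[k] for k in w & a),
        # Fix-list entries that never appeared in the first log.
        "not_in_before": sorted(wanted[k] for k in w - b),
        # Entries that appeared between the two scans and need a look.
        "new_entries": sorted(after[k] for k in a - b),
    }


# Excerpt of the first log in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsw5F.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
"""

# Excerpt of the log posted after the fix.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Christopher.CASARES-7\Desktop\ewido anti-spyware 4.0\ewido.exe" /minimized
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Christopher.CASARES-7\Desktop\ewido anti-spyware 4.0\guard.exe
"""

# Three of the entries the helper asked to have checked.
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsw5F.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
"""

if __name__ == "__main__":
    for label, lines in check_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"{label}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

An entry under `still_present` means the registry value came back or was never removed, which is the case where the file deletion in Safe Mode matters.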


#4 chriscwirla

Posted 04 September 2006 - 04:50 PM

Hello Charles!! Thank you so much for helping me! I'll keep you up-to-date on if any pop-up ads start coming up randomly again, I figure post the new information asap though. And as far as the computer running now, it starts up a lot faster than it was before. Thank you so much!
P.s. Ewido's log is scary.. >.< Thanks again!

Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 4:45:24 PM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Documents and Settings\Christopher.CASARES-7\Desktop\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Documents and Settings\Christopher.CASARES-7\Desktop\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Christopher.CASARES-7\Desktop\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109546001390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130884360453
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37320.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Christopher.CASARES-7\Desktop\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Ewido Log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:36:00 PM 9/4/2006

+ Scan result:



F:\System Volume Information\_restore{30525F60-6FB3-4865-8BDD-03E37C2F48F5}\RP23\A0013947.DLL -> Adware.180Solutions : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{30525F60-6FB3-4865-8BDD-03E37C2F48F5}\RP45\A0030017.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{30525F60-6FB3-4865-8BDD-03E37C2F48F5}\RP45\A0030018.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20060904-142556-598.dll -> Adware.Coupons : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00173388.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Documents and Settings\Tricia\Local Settings\Temp\NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Tricia\Local Settings\Temp\mit28.tmp.cab/NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Tricia\Local Settings\Temp\mit28.tmp/NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
F:\Program Files\NewDotNet\uninstall4_34.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\Program Files\NewDotNet\uninstall4_88.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\SaveNow\SaveNow.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\Program Files\SaveNow\Uninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adrotate.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00172894.EXE/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\Program Files\Xupiter\XTSearch.dll -> Adware.Xupiter : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20060904-142555-123.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00173387.DLL -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Chavonne\Local Settings\Temporary Internet Files\Content.IE5\GHYF49YZ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Chavonne\Local Settings\Temporary Internet Files\Content.IE5\GXYV81MF\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Chavonne\Local Settings\Temporary Internet Files\Content.IE5\W9IRK5UJ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Chavonne\Local Settings\Temporary Internet Files\Content.IE5\W9IRK5UJ\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Chavonne\Local Settings\Temporary Internet Files\Content.IE5\WTYVSXUN\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).
C:\Documents and Settings\Tricia\Cookies\tricia@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Tricia\Cookies\tricia@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Chavonne\Cookies\chavonne@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Chavonne\Local Settings\Temp\Cookies\chavonne@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher.CASARES-7\Cookies\christopher@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher.CASARES-7\Cookies\christopher@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Francine & Lil Angel\Cookies\francine & lil angel@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jeanine\Cookies\jeanine@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Cookies\tony@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Tricia\Cookies\tricia@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171540.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171541.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171563.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171564.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171574.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171575.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171592.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171593.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171647.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171648.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171684.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171685.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171686.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171846.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00171854.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00172477.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00172616.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00173362.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Chavonne\Cookies\chavonne@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher.CASARES-7\Cookies\christopher@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\Tricia\Cookies\tricia@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\0017

Edited by chriscwirla, 04 September 2006 - 04:51 PM.


#5 rookie147

Posted 05 September 2006 - 04:26 AM

Hey Chriscwirla, nice job in removing all that malware! The ewido log indicates that there is still more malware on your computer, that is not being shown by your hijackthis log.

======

Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

======

Open HijackThis
- Click the Config... button, then go to the Misc Tools section.
- Click on Open Uninstall Manager. You'll see a list of programs.
- Click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

======

The ewido log also indicates that you currently have a lot of malware in your recycle bin, so please empty it now. If you right click on your Recycle Bin icon, you should also have an option to "Empty Norton Protected Files" or something like that. Please do this as well.

======

Please can you also run another Ewido scan for me, and make sure that you post the full log this time :thumbsup:. I know that it is very long, but if necessary, you can use more than one reply to get it all in. You will know when you have posted it all because there will be a little bit at the bottom that says:

::Report end

======

Post back with the following:
- uninstall_list.txt
- new Ewido log

Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#6 illukka

Posted 14 September 2006 - 10:44 AM

due to lack of feedback to a helper-> this topic is now closed

thank you rookie147 :thumbsup:
To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor



