Hijack This log help please

Unknown · July 2006

Hello everyone, I've recently been having alot of problems with my computer. My web browsers have been crashing and my new norton antivirus cant complete a full scan. I was wondering if you could help. I have run adaware and removed all that it could do and here is my hijack this log....any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:04:27 PM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Joe Covino\Desktop\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {6140808A-2BDF-62AB-E380-030563F7FE3A} - Testimonials.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [stuffmon] MON76234.exe
O4 - HKLM\..\Run: [prgsys0984] ActionScr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [bnui] dialer423.exe
O4 - HKCU\..\Run: [ActionScr] dialer423.exe
O4 - HKCU\..\Run: [ssweeper] wormexe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {02CEAC97-CDD9-4E02-9D5C-AA7FD014E44A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {02CEAC97-CDD9-4E02-9D5C-AA7FD014E44A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4B254D8E-2B57-42F1-AEB0-1D65EC704504} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4B254D8E-2B57-42F1-AEB0-1D65EC704504} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {70411133-C8CF-4E79-B273-BD48E884547A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {70411133-C8CF-4E79-B273-BD48E884547A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {71C78C21-187F-4FB3-A4AA-1BC798AB3A2B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {71C78C21-187F-4FB3-A4AA-1BC798AB3A2B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B21A1D50-9E2F-49E5-BA39-36A5E1DA241C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B21A1D50-9E2F-49E5-BA39-36A5E1DA241C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B560445B-06AA-4A62-BDED-EBAC57DC8329} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B560445B-06AA-4A62-BDED-EBAC57DC8329} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B8EB97DD-77E4-4305-80B2-8A19B2249FCD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B8EB97DD-77E4-4305-80B2-8A19B2249FCD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C076A69A-FF40-4941-B6EC-89CC7CB744FC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C076A69A-FF40-4941-B6EC-89CC7CB744FC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8FF9458-3C49-481D-9CD2-9AE161214B8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8FF9458-3C49-481D-9CD2-9AE161214B8E} - (no file) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FDBEB75-50C9-4C65-B25D-B95072FAD7EA}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{4186CCB1-926E-4F8C-8D07-3A3F781A9045}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{898B4ECB-4038-4FB4-8156-4AB5FC29DEC5}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F001BDF-E2FA-48A7-9CFC-FA7497086107}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

Thanks,
The Colonel

chiaz · July 2006

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

The Colonel · July 2006

Thanks for the reply, I downloaded the program you asked and here is the txt file that came up after I ran it.

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D4310216D8F5-457A-E884-55DF-A82A63A5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2017461D49BA-3DBB-FFB4-F9DC-3D1FE87E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F88DAEA495D0-005A-26A4-20EC-9FDD1B72{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B3E1F5EDF80C-3BE9-6F94-CD2E-BCD07005{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}645FA11EB842-2B18-3864-2BC0-B1647654{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E8B498EEC50-1D6A-8A04-0C69-BF7F7B1B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\jpymd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmypj.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSJRG.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSJRG.EXE 51,298 2006-07-05
C:\WINDOWS\SYSTEM32\DMYPJ.EXE 44,039 2004-08-04
Other suspects
Directory of C:\WINDOWS\system32
{B1B7F7FB-96C0-40A8-A6D1-05CEE894B8E4}.exe
{4567461B-0CB2-4683-81B2-248BE11AF546}.exe
{50070DCB-E2DC-49F6-9EB3-C08FDE5F1E3B}.exe
{27B1DDF9-CE02-4A62-A500-0D594AEAD88F}.exe
{E78EF1D3-CD9F-4BFF-BBD3-AB94D1647102}.exe

And here is my updated hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 8:31:29 AM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Joe Covino\Desktop\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {6140808A-2BDF-62AB-E380-030563F7FE3A} - Testimonials.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [stuffmon] MON76234.exe
O4 - HKLM\..\Run: [prgsys0984] ActionScr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [bnui] dialer423.exe
O4 - HKCU\..\Run: [ActionScr] dialer423.exe
O4 - HKCU\..\Run: [ssweeper] wormexe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {02CEAC97-CDD9-4E02-9D5C-AA7FD014E44A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {02CEAC97-CDD9-4E02-9D5C-AA7FD014E44A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4B254D8E-2B57-42F1-AEB0-1D65EC704504} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4B254D8E-2B57-42F1-AEB0-1D65EC704504} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {70411133-C8CF-4E79-B273-BD48E884547A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {70411133-C8CF-4E79-B273-BD48E884547A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {71C78C21-187F-4FB3-A4AA-1BC798AB3A2B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {71C78C21-187F-4FB3-A4AA-1BC798AB3A2B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B21A1D50-9E2F-49E5-BA39-36A5E1DA241C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B21A1D50-9E2F-49E5-BA39-36A5E1DA241C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B560445B-06AA-4A62-BDED-EBAC57DC8329} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B560445B-06AA-4A62-BDED-EBAC57DC8329} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B8EB97DD-77E4-4305-80B2-8A19B2249FCD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B8EB97DD-77E4-4305-80B2-8A19B2249FCD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C076A69A-FF40-4941-B6EC-89CC7CB744FC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C076A69A-FF40-4941-B6EC-89CC7CB744FC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8FF9458-3C49-481D-9CD2-9AE161214B8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8FF9458-3C49-481D-9CD2-9AE161214B8E} - (no file) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FDBEB75-50C9-4C65-B25D-B95072FAD7EA}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{4186CCB1-926E-4F8C-8D07-3A3F781A9045}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{898B4ECB-4038-4FB4-8156-4AB5FC29DEC5}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F001BDF-E2FA-48A7-9CFC-FA7497086107}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

Thanks again,
The Colonel

chiaz · July 2006

First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan, as well as a new HijackThis log.

The Colonel · July 2006

OK I downloaded the ewido anti-spyware program and here are the results.

+ Scan result:

C:\WINDOWS\SYSTEM32\csjrg.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\ProfR1G.exe -> Downloader.IstBar.er : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Local Settings\Temp\Temporary Internet Files\Content.IE5\VJ7E4UKD\0177[1].jpg -> Downloader.Small.cnh : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\hp9903.tmp -> Downloader.Zlob.nh : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\simpole.tlb -> Downloader.Zlob.nj : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@msnportal.112.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.676:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.341:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.288:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.289:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.342:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.343:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@burstnet[2].txt[/email] -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@casalemedia[2].txt[/email] -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.547:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.548:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@com[1].txt[/email] -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.748:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.749:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.750:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.751:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.752:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.753:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@fastclick[2].txt[/email] -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.546:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
:mozilla.701:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.705:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.740:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.741:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.742:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

The Colonel · July 2006

C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@sales.liveperson[1].txt[/email] -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.618:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.232:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@www.myaffiliateprogram[1].txt[/email] -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@data4.perf.overture[2].txt[/email] -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@ads.pointroll[2].txt[/email] -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.533:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.534:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@questionmarket[1].txt[/email] -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
:mozilla.624:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.625:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.626:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.627:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.628:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.269:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.419:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.420:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.421:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.422:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.423:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.424:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.425:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.427:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.428:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.429:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.431:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.436:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.437:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.438:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.439:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.440:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.441:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.442:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.443:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.444:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.445:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.446:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.447:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.448:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.449:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.450:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.451:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.452:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.453:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.454:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.455:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.456:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.457:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.458:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.459:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.460:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.461:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.462:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.463:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.464:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.465:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.466:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.467:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.468:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.382:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.383:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.384:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.385:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.386:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.387:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.388:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.389:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.397:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.398:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.399:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.400:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.401:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.402:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.403:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.404:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.405:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.406:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.407:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.408:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.409:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.410:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.411:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.412:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.413:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.414:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.415:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.416:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@adopt.specificclick[1].txt[/email] -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Specificpop : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.357:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@anad.tacoda[2].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@anat.tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.729:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.730:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.731:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.732:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.733:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.734:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.735:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.736:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.307:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.308:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.310:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@tribalfusion[1].txt[/email] -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@ad.yieldmanager[2].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe Covino\Local Settings\Temp\Cookies\joe [email]covino@ad.yieldmanager[2].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.270:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmypj.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\{4567461B-0CB2-4683-81B2-248BE11AF546}.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\{E78EF1D3-CD9F-4BFF-BBD3-AB94D1647102}.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).

The Colonel · July 2006

and here is the most updated hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 5:43:38 PM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Joe Covino\Desktop\Hijack This\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {6140808A-2BDF-62AB-E380-030563F7FE3A} - Testimonials.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [stuffmon] MON76234.exe
O4 - HKLM\..\Run: [prgsys0984] ActionScr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [bnui] dialer423.exe
O4 - HKCU\..\Run: [ActionScr] dialer423.exe
O4 - HKCU\..\Run: [ssweeper] wormexe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {02CEAC97-CDD9-4E02-9D5C-AA7FD014E44A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {02CEAC97-CDD9-4E02-9D5C-AA7FD014E44A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4B254D8E-2B57-42F1-AEB0-1D65EC704504} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4B254D8E-2B57-42F1-AEB0-1D65EC704504} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {70411133-C8CF-4E79-B273-BD48E884547A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {70411133-C8CF-4E79-B273-BD48E884547A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {71C78C21-187F-4FB3-A4AA-1BC798AB3A2B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {71C78C21-187F-4FB3-A4AA-1BC798AB3A2B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B21A1D50-9E2F-49E5-BA39-36A5E1DA241C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B21A1D50-9E2F-49E5-BA39-36A5E1DA241C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B560445B-06AA-4A62-BDED-EBAC57DC8329} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B560445B-06AA-4A62-BDED-EBAC57DC8329} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B8EB97DD-77E4-4305-80B2-8A19B2249FCD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B8EB97DD-77E4-4305-80B2-8A19B2249FCD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C076A69A-FF40-4941-B6EC-89CC7CB744FC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C076A69A-FF40-4941-B6EC-89CC7CB744FC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8FF9458-3C49-481D-9CD2-9AE161214B8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8FF9458-3C49-481D-9CD2-9AE161214B8E} - (no file) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FDBEB75-50C9-4C65-B25D-B95072FAD7EA}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{4186CCB1-926E-4F8C-8D07-3A3F781A9045}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{898B4ECB-4038-4FB4-8156-4AB5FC29DEC5}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F001BDF-E2FA-48A7-9CFC-FA7497086107}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

Once again thanks for all the help.
The Colonel

chiaz · July 2006

Please launch HijackThis and place a tick by the following entries:
O4 - HKLM\..\Run: [stuffmon] MON76234.exe
O4 - HKLM\..\Run: [prgsys0984] ActionScr.exe
O4 - HKCU\..\Run: [bnui] dialer423.exe
O4 - HKCU\..\Run: [ActionScr] dialer423.exe
O4 - HKCU\..\Run: [ssweeper] wormexe.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FDBEB75-50C9-4C65-B25D-B95072FAD7EA}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{4186CCB1-926E-4F8C-8D07-3A3F781A9045}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{898B4ECB-4038-4FB4-8156-4AB5FC29DEC5}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F001BDF-E2FA-48A7-9CFC-FA7497086107}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{056F6629-5DAB-41A2-A7EF-8D70B8281645}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

Run FixWareout again from your desktop (download it again if you have deleted it).
The fix will begin; follow the prompts. You will be asked to reboot your computer just as last time; please do so. Your system may take longer than usual to load; again this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

Also please click Start > Run. In the box, type in cmd and click Enter. Then enter in ipconfig /flushdns.

The Colonel · July 2006

Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32
{B1B7F7FB-96C0-40A8-A6D1-05CEE894B8E4}.exe

hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 9:05:30 AM, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Joe Covino\Desktop\Hijack This\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {6140808A-2BDF-62AB-E380-030563F7FE3A} - Testimonials.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {02CEAC97-CDD9-4E02-9D5C-AA7FD014E44A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {02CEAC97-CDD9-4E02-9D5C-AA7FD014E44A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4B254D8E-2B57-42F1-AEB0-1D65EC704504} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4B254D8E-2B57-42F1-AEB0-1D65EC704504} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {70411133-C8CF-4E79-B273-BD48E884547A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {70411133-C8CF-4E79-B273-BD48E884547A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {71C78C21-187F-4FB3-A4AA-1BC798AB3A2B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {71C78C21-187F-4FB3-A4AA-1BC798AB3A2B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B21A1D50-9E2F-49E5-BA39-36A5E1DA241C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B21A1D50-9E2F-49E5-BA39-36A5E1DA241C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B560445B-06AA-4A62-BDED-EBAC57DC8329} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B560445B-06AA-4A62-BDED-EBAC57DC8329} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B8EB97DD-77E4-4305-80B2-8A19B2249FCD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B8EB97DD-77E4-4305-80B2-8A19B2249FCD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C076A69A-FF40-4941-B6EC-89CC7CB744FC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C076A69A-FF40-4941-B6EC-89CC7CB744FC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8FF9458-3C49-481D-9CD2-9AE161214B8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8FF9458-3C49-481D-9CD2-9AE161214B8E} - (no file) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

chiaz · July 2006

Launch HijackThis and place a tick by this entry:
R3 - URLSearchHook: (no name) - {6140808A-2BDF-62AB-E380-030563F7FE3A} - Testimonials.dll (file missing)
Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

How is your system running now? If you are still getting the problems you reported earlier on, please run Panda ActiveScan.

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

The Colonel · July 2006

Incident Status Location

Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.overture.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Mozilla\Firefox\Profiles\14ipdglg.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Joe Covino\Application Data\Phoenix\Profiles\default\r0zcsvci.slt\cookies.txt[.bravenet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@2o7[1].txt[/email]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@ad.yieldmanager[2].txt[/email]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@ads.pointroll[2].txt[/email]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@atwola[1].txt[/email]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@belnk[1].txt[/email]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@casalemedia[2].txt[/email]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@dist.belnk[2].txt[/email]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@fastclick[2].txt[/email]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@go[1].txt[/email]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@go[2].txt[/email]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@go[3].txt[/email]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@media.fastclick[1].txt[/email]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@realmedia[1].txt[/email]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@searchportal.information[1].txt[/email]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Joe Covino\Cookies\joe [email]covino@tribalfusion[2].txt[/email]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Joe Covino\Local Settings\Temp\Cookies\joe [email]covino@atwola[1].txt[/email]

and no the comptuer still isn't running properly.

Hijack This log help please

Comments