PDA

View Full Version : Command Service



high tech
2006-11-03, 20:14
I am unable to remove command service. I have run Spybot v1.4, Adaware, and Norton antivirus pro 2003. Spybot is unable to delete the command service files. What are the symptoms of a command service infection? My computer seems to be running slower and I am continually getting a large number of pop ups. Are these symptoms the result of command service?
Here's a copy of my logfiLogfile of HijackThis v1.99.1 Please help!
Scan saved at 10:11:39 AM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\netmedia.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe
C:\WINDOWS\M?crosoft\n?tepad.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\JANRAL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {9A7920B9-ED0A-9ED9-7B90-C79E8B17079D} - C:\WINDOWS\system32\pcsierhb.dll (file missing)
O2 - BHO: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [qzz457fc] RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d
O4 - HKLM\..\Run: [win3208484168346] C:\WINDOWS\win3208484168346.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Toai] "C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Cbtbpk] C:\WINDOWS\M?crosoft\n?tepad.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {05574F48-FEE1-4A0A-9013-B8A85C7C6CCE} (VacPro.int_ver20a) - http://www.muiegaozsicur.com/ocx/can_ver20a.CAB
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: khfcbbc - khfcbbc.dll (file missing)
O21 - SSODL: CTEiNjJGIZs - {322B1209-9881-B8A3-9FBE-DD6262AB8BD6} - C:\WINDOWS\system32\nkl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

teacup61
2006-11-04, 17:26
Hello high tech,

Welcome to Safer Networking Forums :)

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

high tech
2006-11-05, 03:07
I have run combo fix and posted the log below. I was unable to include the latest highjackthis log as the reply text was too long and an error resulted. I had to shorten it to less than 2000 characters. I will include the latest highjack this log on my next reply thnx. - 06-11-04 16:47:34.43 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{503AB937-922F-4DA3-A66D-D7CC806F1180}]
@=""

[HKEY_CLASSES_ROOT\clsid\{503AB937-922F-4DA3-A66D-D7CC806F1180}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{503AB937-922F-4DA3-A66D-D7CC806F1180}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{503AB937-922F-4DA3-A66D-D7CC806F1180}\InprocServer32]
@="C:\\WINDOWS\\system32\\ajdiosrv.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\c800lidm180a.dll
C:\WINDOWS\system32\m4rm0e91eh.dll
C:\WINDOWS\system32\nv0029dmg.dll
C:\WINDOWS\system32\fplm0331e.dll
C:\WINDOWS\system32\gpjsl3171.dll
C:\WINDOWS\system32\e0jm0a11ed.dll
C:\WINDOWS\system32\l62s0gf7e62.dll


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\deskbar_e34.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\{322B1208-0710-4105-0816-040409150001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\MCROSO~1
C:\QooBox\Purity\WINDOWS\SSEMBL~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\n?tepad.exe
C:\QooBox\Purity\Program Files\Common Files\DOBE~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\javaw.exe
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0000
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0001
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0002
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0003
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0004
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0005
C:\QooBox\Purity\Documents and Settings\Application Data\TSKS~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))


2006-10-29 09:58 131,072 --a------ C:\WINDOWS\system32\fkdlg.dll
2006-10-24 21:20 1 --a------ C:\WINDOWS\system32\au3305adc.dll
2006-10-24 21:19 39,264 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-10-23 17:11 2 --a------ C:\WINDOWS\system32\wnscpsv.exe
2006-10-23 17:11 1,259 --a------ C:\WINDOWS\system32\qzz457fc.sys
2006-10-23 17:10 5,120 --a------ C:\nrypyd.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-30 09:41 125 ---hs---- C:\Documents and Settings\Application Data\.zreglib
2006-10-29 12:24 -------- d-------- C:\Documents and Settings\Application Data\Sun
2006-10-29 12:20 -------- d-------- C:\Program Files\Java
2006-10-24 21:22 -------- d-------- C:\Documents and Settings\Application Data\dvdcss
2006-10-24 21:19 -------- d-------- C:\Program Files\Apollo DVD Copy
2006-10-24 17:22 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-23 23:31 -------- d-------- C:\Program Files\hijackthis
2006-10-23 17:11 -------- d--h----- C:\Program Files\BHO Plugin
2006-10-05 11:11 875 --a------ C:\Documents and Settings\Application Data\AdobeDLM.log
2006-10-05 11:11 0 --a------ C:\Documents and Settings\Application Data\dm.ini
2006-09-28 19:03 27648 --a------ C:\WINDOWS\netmedia.exe
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-12 22:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 08:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-16 04:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"{29123221-3AF8-488c-85DE-6B3EC59E8074}"="C:\\WINDOWS\\netmedia.exe -s"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Toai"="\"C:\\PROGRA~1\\COMMON~1\\SCURIT~1\\javaw.exe\" -vt yazb"
"Cbtbpk"="C:\\WINDOWS\\M?crosoft\\n?tepad.exe"
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"{29123221-3AF8-488c-85DE-6B3EC59E8074}"="C:\\WINDOWS\\netmedia.exe -s"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
"qzz457fc"="RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d"
"win3208484168346"="C:\\WINDOWS\\win3208484168346.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,98,00,00,00,00,00,00,00,e8,03,00,00,3f,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{0E24427B-DF2A-40EB-980B-A819F5FF3DD0}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"CTEiNjJGIZs"="{322B1209-9881-B8A3-9FBE-DD6262AB8BD6}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON Background Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\EPSON Background Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\EPSON\\ESM2\\STMS.exe "
"item"="EPSON Background Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="type32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wwDisp"
"hkey"="HKCU"
"command"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbbc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Logfile of HijackThis v1.99.1

high tech
2006-11-05, 03:10
Per my previous reply. Here is my latest highjack this log. It was run after combo fix. thnx.

ALogfile of HijackThis v1.99.1
Scan saved at 5:08:46 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\netmedia.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\JANRAL~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {9A7920B9-ED0A-9ED9-7B90-C79E8B17079D} - C:\WINDOWS\system32\pcsierhb.dll (file missing)
O2 - BHO: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [qzz457fc] RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d
O4 - HKLM\..\Run: [win3208484168346] C:\WINDOWS\win3208484168346.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Toai] "C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Cbtbpk] C:\WINDOWS\M?crosoft\n?tepad.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {05574F48-FEE1-4A0A-9013-B8A85C7C6CCE} (VacPro.int_ver20a) - http://www.muiegaozsicur.com/ocx/can_ver20a.CAB
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: khfcbbc - khfcbbc.dll (file missing)
O21 - SSODL: CTEiNjJGIZs - {322B1209-9881-B8A3-9FBE-DD6262AB8BD6} - C:\WINDOWS\system32\nkl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

teacup61
2006-11-05, 05:51
Hello,

1. Download AVG Anti-Spyware (formerly Ewido) from HERE (http://www.ewido.net/en/download/) and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete, run AVG and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG anti-spyware, Do Not run a scan just yet

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning proccess:
Lauch AVG anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
Close AVG and reboot your system back into Normal Mode.

6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG text report that you saved and a new HiJackThis log.

Thanks,
tea

high tech
2006-11-08, 03:10
I followed all of your directions to the letter.I encountered 2 problems. PROB 1: After I completed the AVG scan and selected the "reports" icon, AVG indicated "no reports available". PROB 2: Back in normal mode when I selected alcanshorty.bfu, I got a return message "windows cannot open this file". I searched on the web and could not find any program to open the .bfu extension. Any suggestions? Help. I included a highjackthis log incase it might help. Thanks.





Logfile of HijackThis v1.99.1
Scan saved at 5:09:19 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\netmedia.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\JANRAL~1\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll (file missing)
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {9A7920B9-ED0A-9ED9-7B90-C79E8B17079D} - C:\WINDOWS\system32\pcsierhb.dll (file missing)
O2 - BHO: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [qzz457fc] RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d
O4 - HKLM\..\Run: [win3208484168346] C:\WINDOWS\win3208484168346.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Toai] "C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Cbtbpk] C:\WINDOWS\M?crosoft\n?tepad.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {05574F48-FEE1-4A0A-9013-B8A85C7C6CCE} (VacPro.int_ver20a) - http://www.muiegaozsicur.com/ocx/can_ver20a.CAB
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: khfcbbc - khfcbbc.dll (file missing)
O21 - SSODL: CTEiNjJGIZs - {322B1209-9881-B8A3-9FBE-DD6262AB8BD6} - C:\WINDOWS\system32\nkl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

teacup61
2006-11-08, 22:05
Hello,

We need to move HijackThis! to it's own permanent folder to ensure that we don't lose its backups. To make a permanent folder, double-click the My Computer icon on the desktop.
Click Local Disk C:.
File | New | Folder
A new folder called New Folder will be created.
Rename New Folder to HJT or HijackThis. Now move HijackThis! into the new folder you just created.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll (file missing)
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O2 - BHO: (no name) - {9A7920B9-ED0A-9ED9-7B90-C79E8B17079D} - C:\WINDOWS\system32\pcsierhb.dll (file missing)
O2 - BHO: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll (file missing)
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [qzz457fc] RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d
O4 - HKLM\..\Run: [win3208484168346] C:\WINDOWS\win3208484168346.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKCU\..\Run: [Toai] "C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Cbtbpk] C:\WINDOWS\M?crosoft\n?tepad.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {05574F48-FEE1-4A0A-9013-B8A85C7C6CCE} (VacPro.int_ver20a) - http://www.muiegaozsicur.com/ocx/can_ver20a.CAB
O20 - Winlogon Notify: khfcbbc - khfcbbc.dll (file missing)
O21 - SSODL: CTEiNjJGIZs - {322B1209-9881-B8A3-9FBE-DD6262AB8BD6} - C:\WINDOWS\system32\nkl.dll (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following, if present:

C:\WINDOWS\netmedia.exe
c:\windows\system32\_mzu_stonedrv8.exe
C:\WINDOWS\win3208484168346.exe
C:\PROGRA~1\COMMON~1\SCURIT~1

you'll have to search for this to delete it:

w0471b8d.dll

Reboot your computer.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.


Thanks,
tea

high tech
2006-11-09, 03:21
hello Teacup,

Followed your instructions, here is the Dr. Web log and another highjack this log. Hope this works.

netmedia.exe;C:\WINDOWS;Probably DLOADER.Trojan;Incurable.Moved.;
backup-20061108-155550-107.dll;C:\Highjackthis\hijackthis\backups;Dialer.Vacpro;Incurable.Moved.;
A0001578.exe;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP5;Tool.Prockill;Incurable.Moved.;
A0004293.EXE;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP15;Joke.Geschenk;Incurable.Moved.;
A0004295.EXE;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP15;Joke.Opros;Incurable.Moved.;
A0006779.exe;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22;Trojan.DownLoader.14300;Deleted.;
A0006780.dll;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22;Adware.Give4Free;Incurable.Moved.;
A0006781.exe;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22;Adware.Give4Free;Incurable.Moved.;
A0006782.exe;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22;Trojan.PurityAd;Deleted.;
00057261.OCX;C:\Recycled\NPROTECT;Dialer.Vacpro;Incurable.Moved.;

Logfile of HijackThis v1.99.1
Scan saved at 5:19:33 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Highjackthis\hijackthis\HijackThis.exe
C:\Highjackthis\hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

teacup61
2006-11-09, 17:37
Hello,

In the AVG program, there should be an option to save all reports, or something similar, in the settings. If you can check that, then run a scan with the directions below and get a report, that would be great. :)

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

delete the following file :

c:\windows\system32\_mzu_stonedrv8.exe


In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the report from AVG and a new HijackThis log. Also let me know how your computer is running now. :)

Thanks,
tea

high tech
2006-11-10, 23:16
Hello tea,

Followed your instructions, here's the AVG report and a new highjackthis log.
My computer seems to be running better than it was, but after I completed your instructions, I ran Spybot again, The only threat it comes up with is "command service". It is still there! and Spybot cannot delete the registry keys. What next?
I'm going to have to send you the AVG report on several pages as it is 73,470 characters (20000 max) It will take at least 4 pages.



------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:31:23 AM 11/10/2006

+ Scan result:



C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22\A0006783.dll -> Adware.PurityScan : Cleaned.
C:\Documents and Settings\DoctorWeb\Quarantine\A0006780.dll -> Hijacker.Small.ja : Cleaned.
C:\Documents and Settings\DoctorWeb\Quarantine\A0006781.exe -> Hijacker.Small.ja : Cleaned.
C:\Documents and Settings\Cookies\247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Cookies\2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Recycled\NPROTECT\00060987.TXT -> TrackingCookie.2o7 : Cleaned.
C:\Recycled\NPROTECT\00060988.TXT -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Cookies\adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00059966.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00059967.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00059976.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00059977.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00059992.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00059993.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00059998.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060013.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060014.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060020.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060021.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060033.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060034.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060039.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060046.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060047.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060053.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060065.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060066.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060073.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060074.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060084.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060085.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060093.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060094.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060102.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060103.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060108.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060110.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060121.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060122.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060131.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060132.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060147.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060148.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060152.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060153.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060162.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060163.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060174.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060175.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060181.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060182.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060197.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060198.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060216.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060217.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060230.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060231.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060237.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060238.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060248.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060249.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060252.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060253.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060265.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060266.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060272.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060273.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060284.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060285.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060291.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060292.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060305.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060306.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060318.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060319.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060328.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060329.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060349.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060350.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060356.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060357.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060376.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060377.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060383.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060384.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060405.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060406.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060412.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060413.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060425.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060426.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060432.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060433.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060447.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060448.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060455.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060456.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060472.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060473.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060482.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060483.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060495.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060496.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060506.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060507.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060530.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060531.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060540.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060541.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060551.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060552.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060558.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060559.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060571.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060572.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060581.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060582.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060595.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060596.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060605.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060606.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060620.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060621.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060630.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060631.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060643.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060644.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060649.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060650.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060689.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060690.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060696.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060697.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060907.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Recycled\NPROTECT\00060908.TXT -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Cookies\rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Cookies\advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00059982.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00059983.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00059986.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00059987.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00059988.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060000.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060001.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060025.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060026.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060027.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060041.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060042.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060059.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060060.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060061.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060078.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060079.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060080.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060098.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060099.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060116.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060117.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060136.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060137.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060169.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060170.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060184.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060185.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060193.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060221.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060222.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060225.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060226.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060242.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060243.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060245.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060257.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060277.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060278.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060279.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060280.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060312.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060313.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060333.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060334.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060337.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060364.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060365.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060368.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060388.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060389.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060391.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060396.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060417.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060435.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060436.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060439.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060460.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060461.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060464.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060487.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060488.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060491.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060514.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060515.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060518.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060519.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060525.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060526.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060533.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060534.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060543.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060563.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060586.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060587.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060590.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060591.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060610.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060611.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060616.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060635.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060636.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060639.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060652.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060653.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060656.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060657.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060658.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060659.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060665.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060671.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060681.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060701.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060702.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Cookies\atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

high tech
2006-11-10, 23:19
:\Documents and Settings\Cookies\atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Cookies\burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Cookies\www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Recycled\NPROTECT\00060901.TXT -> TrackingCookie.Burstnet : Cleaned.
C:\Recycled\NPROTECT\00060934.TXT -> TrackingCookie.Burstnet : Cleaned.
C:\Recycled\NPROTECT\00060970.TXT -> TrackingCookie.Burstnet : Cleaned.
C:\Recycled\NPROTECT\00060975.TXT -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Cookies\casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00059950.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00059951.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060706.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060707.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060708.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060735.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060736.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060737.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060747.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060748.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060749.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060755.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060756.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060757.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060763.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060764.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060765.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060768.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060769.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060770.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060771.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060772.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060776.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060777.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060778.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060784.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060785.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060786.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060787.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060788.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060792.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060793.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060794.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060801.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060802.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060803.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060811.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060812.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060813.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060817.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060818.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060819.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060820.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060821.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060824.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060825.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060826.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060829.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060830.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060831.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060832.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060836.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060837.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060838.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060841.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060842.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060843.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060844.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060845.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060846.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060850.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060851.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060852.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060855.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060856.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060857.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060858.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060859.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060860.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060864.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060865.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060866.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060867.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060868.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060869.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060870.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060871.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060874.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060875.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060876.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060877.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060878.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060879.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060880.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060881.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060882.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060883.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060892.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060893.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060894.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060921.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060922.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060923.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060924.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060925.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060926.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060929.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060930.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060943.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060944.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060945.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060946.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060947.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060948.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060949.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060950.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060952.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060953.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060954.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060956.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060957.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060958.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060959.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060960.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060961.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060962.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00060963.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00062015.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00062016.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Recycled\NPROTECT\00062017.TXT -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Cookies\doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Cookies\adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Recycled\NPROTECT\00061419.TXT -> TrackingCookie.Euroclick : Cleaned.
C:\Recycled\NPROTECT\00061420.TXT -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Cookies\fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060704.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060705.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060709.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060710.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060718.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060719.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060721.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060722.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060723.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060724.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060725.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060731.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060732.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060733.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060734.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060739.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060740.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060743.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060744.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060745.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060746.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060750.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060751.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060753.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060754.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060758.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060759.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060760.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060761.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060766.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060767.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060773.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060774.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060782.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060783.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060789.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060790.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060799.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060800.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060804.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060805.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060807.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060808.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060809.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060810.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060814.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060815.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060816.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060822.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060823.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060827.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060828.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060833.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060834.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060835.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060839.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060840.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060847.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060848.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060849.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060853.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060854.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060861.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060862.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060863.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060872.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060873.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060890.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060891.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060896.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060897.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060899.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060900.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060902.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060903.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060920.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060931.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060932.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060933.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060935.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060936.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060940.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060941.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060942.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060966.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060967.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060968.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060971.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060972.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060973.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060974.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060976.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00060977.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061990.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061991.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061992.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061993.TXT -> TrackingCookie.Fastclick : Cleaned.

high tech
2006-11-10, 23:21
Recycled\NPROTECT\00060977.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061990.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061991.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061992.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061993.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061994.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061995.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061999.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062000.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062001.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062002.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062003.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062004.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062005.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062006.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062008.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062009.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062010.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062011.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062013.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062014.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062018.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062019.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062035.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062036.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Cookies\overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Cookies\ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00060990.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00060991.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00060992.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061422.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061423.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061501.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061535.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061582.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061583.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Cookies\questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Cookies\statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Cookiestribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Cookies\pmads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Cookies\reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00059979.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00059980.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00059981.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060055.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060056.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060096.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060097.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060112.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060113.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060134.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060135.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060165.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060166.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060219.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060220.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060240.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060241.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060275.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060276.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060297.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060298.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060331.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060332.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060362.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060363.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060386.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060387.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060458.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060459.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060485.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060486.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060512.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060513.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060584.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060585.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060608.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060609.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060633.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060634.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060699.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060700.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Cookies\ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059955.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059956.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059957.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059958.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059959.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059960.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059961.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059962.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059963.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059964.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059965.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059969.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059970.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059971.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059972.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059973.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059974.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059975.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059984.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059985.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059989.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059990.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059991.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059996.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059997.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060008.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060009.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060010.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060011.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060012.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060017.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060018.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060019.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060023.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060024.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060028.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060029.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060030.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060031.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060032.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060037.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060038.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060044.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060045.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060050.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060051.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060052.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060057.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060058.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060062.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060063.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060064.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060069.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060070.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060071.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060072.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060076.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060077.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060081.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060082.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060083.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060087.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060088.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060089.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060090.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060091.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060092.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060100.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060101.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060106.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060107.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060109.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060114.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060115.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060118.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060119.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060120.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060125.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060126.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060127.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060128.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060129.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060130.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060139.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060140.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060141.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060142.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060143.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060144.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060145.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060146.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060150.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060151.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060156.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060157.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060158.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060159.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060160.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060161.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060167.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060168.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060171.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060172.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060173.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060178.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060179.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060180.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060189.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060190.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060191.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060192.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060194.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060195.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060196.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060210.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060211.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060212.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060213.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060214.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060215.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060223.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060224.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060227.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060228.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060229.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060234.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060235.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060236.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060246.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060247.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060255.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060256.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060258.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060259.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060260.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060269.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060270.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060271.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060281.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060282.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060283.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060288.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060289.TXT -> TrackingCookie.Yieldmanager : Cleaned.

high tech
2006-11-10, 23:22
Recycled\NPROTECT\00060977.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061990.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061991.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061992.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061993.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061994.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061995.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00061999.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062000.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062001.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062002.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062003.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062004.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062005.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062006.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062008.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062009.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062010.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062011.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062013.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062014.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062018.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062019.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062035.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Recycled\NPROTECT\00062036.TXT -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Cookies\overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Cookies\ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00060990.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00060991.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00060992.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061422.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061423.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061501.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061535.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061582.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Recycled\NPROTECT\00061583.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Cookies\questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Cookies\statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Cookiestribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Cookies\pmads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Cookies\reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00059979.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00059980.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00059981.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060055.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060056.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060096.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060097.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060112.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060113.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060134.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060135.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060165.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060166.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060219.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060220.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060240.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060241.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060275.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060276.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060297.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060298.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060331.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060332.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060362.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060363.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060386.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060387.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060458.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060459.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060485.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060486.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060512.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060513.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060584.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060585.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060608.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060609.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060633.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060634.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060699.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Recycled\NPROTECT\00060700.TXT -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Cookies\ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059955.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059956.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059957.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059958.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059959.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059960.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059961.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059962.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059963.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059964.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059965.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059969.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059970.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059971.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059972.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059973.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059974.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059975.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059984.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059985.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059989.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059990.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059991.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059996.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00059997.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060008.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060009.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060010.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060011.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060012.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060017.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060018.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060019.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060023.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060024.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060028.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060029.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060030.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060031.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060032.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060037.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060038.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060044.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060045.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060050.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060051.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060052.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060057.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060058.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060062.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060063.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060064.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060069.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060070.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060071.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060072.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060076.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060077.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060081.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060082.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060083.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060087.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060088.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060089.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060090.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060091.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060092.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060100.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060101.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060106.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060107.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060109.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060114.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060115.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060118.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060119.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060120.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060125.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060126.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060127.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060128.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060129.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060130.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060139.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060140.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060141.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060142.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060143.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060144.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060145.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060146.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060150.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060151.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060156.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060157.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060158.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060159.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060160.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060161.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060167.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060168.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060171.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060172.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060173.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060178.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060179.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060180.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060189.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060190.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060191.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060192.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060194.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060195.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060196.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060210.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060211.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060212.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060213.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060214.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060215.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060223.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060224.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060227.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060228.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060229.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060234.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060235.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060236.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060246.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060247.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060255.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060256.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060258.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060259.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060260.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060269.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060270.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060271.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060281.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060282.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060283.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060288.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\Recycled\NPROTECT\00060289.TXT -> TrackingCookie.Yieldmanager : Cleaned.

high tech
2006-11-10, 23:24
Hello tea,

Here's the latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 12:53:15 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Highjackthis\hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

teacup61
2006-11-11, 00:40
Hello,

Can you give me the exact path to command.exe that Spybot is showing please?:) Thanks for the AVG report. It may be long, but it looks good.;)

I's also like for you to run ComboFix again, and post the report.

Thanks,
tea

high tech
2006-11-12, 09:11
hello tea

I don't know the exact path to command.exe. spybot indicates that it cannot delete 2 registry keys as follows: HKEY_LOCAL_MACHINE \system\control set 002\services\cmdservice and HKEY_LOCAL_MACHINE|system\current control set\services\cmdservice. I have tryed to delete those two keys manually and I can't do it. I ran combo fix again and have attached the log. Thnx.

- 06-11-11 22:48:47.71 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\MCROSO~1
C:\QooBox\Purity\WINDOWS\SSEMBL~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\n?tepad.exe
C:\QooBox\Purity\Program Files\Common Files\DOBE~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0000
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0001
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0002
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0003
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0004
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0005
C:\QooBox\Purity\Documents and Settings\Application Data\TSKS~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))


2006-11-07 16:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 21:20 1 --a------ C:\WINDOWS\system32\au3305adc.dll
2006-10-24 21:19 39,264 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-10-23 17:11 2 --a------ C:\WINDOWS\system32\wnscpsv.exe
2006-10-23 17:11 1,259 --a------ C:\WINDOWS\system32\qzz457fc.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-30 09:41 125 ---hs---- C:\Documents and Settings\Application Data\.zreglib
2006-10-29 12:24 -------- d-------- C:\Documents and Settings\Application Data\Sun
2006-10-29 12:20 -------- d-------- C:\Program Files\Java
2006-10-24 21:22 -------- d-------- C:\Documents and Settings\Application Data\dvdcss
2006-10-24 21:19 -------- d-------- C:\Program Files\Apollo DVD Copy
2006-10-24 17:22 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-23 17:11 -------- d--h----- C:\Program Files\BHO Plugin
2006-10-23 17:07 -------- d-------- C:\Program Files\WinRAR
2006-10-05 11:11 875 --a------ C:\Documents and Settings\Application Data\AdobeDLM.log
2006-10-05 11:11 0 --a------ C:\Documents and Settings\Application Data\dm.ini
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-12 22:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 08:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-16 04:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,3f,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{0E24427B-DF2A-40EB-980B-A819F5FF3DD0}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON Background Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\EPSON Background Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\EPSON\\ESM2\\STMS.exe "
"item"="EPSON Background Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="type32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wwDisp"
"hkey"="HKCU"
"command"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-11 22:49:31.60
C:\ComboFix2.txt ... 06-11-04 16:49
C:\ComboFix.txt ... 06-11-11 22:49

teacup61
2006-11-14, 03:22
Hello,


Usually when command service shows repeatedly it is because of the method ad-aware
uses to remove it. It leave's a harmless registry key with modified permissions.

Please download and unzip Ren-cmdservice to your desktop.
http://downloads.subratam.org/Lon/ren-cmdservice.zip
Open the ren-cmdservice folder by doubleclicking it and then doubleclick the
ren-cmdservice.bat file to run the program.

A text will open when it is finished, Post it please.
Then restart the PC run SpyBot check for and fix any problems found.
When next you check for problems it wont or shouldnt be there.

alternate download
http://www.bleepingcomputer.com/file...cmdservice.zip

Thanks,
tea

high tech
2006-11-16, 06:47
Hello Tea,

I down loaded and ran Ren-cmdservice. It successfully deleted the command service registry keys! I rebooted and ran spybot, it came up clean! Thank you very much for your help!! I'm telling all my associates about the great service you provided. My computer has never ran so well. Awesome job!!




Running from C:\Documents and Settings\Desktop\ren-cmdservice
No Image Path Listed in Registry

-----------------
Deleting cmdservice key
cmdservice key deleted
..
-----------------
Commandline utilities (SWReg and SWSC)
Written by Bobbi Flekman © 2005
-----------------
Finised, Post this text then
Please Restart your PC
ren-cmdservice.bat edited 6-25-2006
-----------------

teacup61
2006-11-16, 07:55
Hello,

Glad it worked! :D: Thanks to LonnyRJones for pointing us in that direction.;)

Pass this along to your associated as well, when you tattle on us :laugh: : http://mvps.org/winhelp2002/unwanted.htm

Take care!
tea

LonnyRJones
2006-11-26, 00:46
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).