
virus ? [RESOLVED]


  • This topic is locked

#1
matt66666


    Member

  • Member
  • PipPip
  • 32 posts
Hi guys, hope you can help. My computer seems to be running slower than normal and takes a long time to start up. When I first got the computer it was unworkable; since then I have updated to Windows SP2 and, according to Windows Update, have all the latest protection. I have, and regularly run and update, AVG, Spybot Search and Destroy, Ad-Aware, CWShredder and spyblaster. They found hundreds of problems, which were all fixed, and now come up blank, but I am fairly sure there is something still wrong. When my computer starts I get the message: w01a39fd.dll is missing or cannot be found? Also, these two have been previously removed by AVG, zvoe.exe and gjiys.exe, but as you will see they are still in the logfile. My computer also seems to be prone to crashing. I don't know much about computers and can't tell you much more, I'm afraid. Any questions you have I will try my best to answer.

thank you




here is my log file

Logfile of HijackThis v1.99.1
Scan saved at 8:22:52 PM, on 12/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Kirby Alarm\kirbyalarm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bestwood\Desktop\anti virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [whc542a9] RUNDLL32.EXE w01a39fd.dll,n 003542a60000000a01a39fd
O4 - HKLM\..\Run: [Workflow] Q:\Workflow.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [RPC Service] zvoe.exe
O4 - HKLM\..\RunServices: [Mgsgi service] gjiys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Kirby Alarm.lnk = C:\Program Files\Kirby Alarm\kirbyalarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Bet Hold'em Poker - {1BB3B2DD-30A2-4231-9547-B61760F0BF86} - C:\Program Files\betholdemMPP\MPPoker.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104687630078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156697673593
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn....easeInstall.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
  • 0



#2
Crustyoldbloke


    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Matt

I just took a quick peek at your HJT log and whilst I can see a few Trojans and the reason for your boot error, I don't think we are seeing everything. This is outside of your control, caused by some malware being programmed to hide when interrogated by HJT. To remedy this please right click on hijackthis.exe and rename it to crusty.exe then rescan and post a fresh HJT log.
  • 0

#3
matt66666


    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
thanks for your speedy reply


here is the log

Logfile of HijackThis v1.99.1
Scan saved at 9:04:19 PM, on 12/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Kirby Alarm\kirbyalarm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ladbrokesMPP\MPPoker.exe
C:\Documents and Settings\Bestwood\Desktop\anti virus\crusty.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
O2 - BHO: (no name) - {1A4886E2-7EAF-495B-A191-CAB5D9347D6D} - C:\WINDOWS\System32\nnnolmm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E7279B8-5B8C-4215-A771-B69D830FD9F0} - C:\WINDOWS\System32\pmkjh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [whc542a9] RUNDLL32.EXE w01a39fd.dll,n 003542a60000000a01a39fd
O4 - HKLM\..\Run: [Workflow] Q:\Workflow.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [RPC Service] zvoe.exe
O4 - HKLM\..\RunServices: [Mgsgi service] gjiys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Kirby Alarm.lnk = C:\Program Files\Kirby Alarm\kirbyalarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Bet Hold'em Poker - {1BB3B2DD-30A2-4231-9547-B61760F0BF86} - C:\Program Files\betholdemMPP\MPPoker.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104687630078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156697673593
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn....easeInstall.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\l28mlcl11fq.dll (file missing)
O20 - Winlogon Notify: nnnolmm - C:\WINDOWS\SYSTEM32\nnnolmm.dll
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\System32\pmkjh.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\chrtcli.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
  • 0
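The difference between the two scans above can be extracted mechanically by diffing the entry lines of the log taken as HijackThis.exe against the one taken after the rename. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical and the sample text is a handful of lines excerpted from the two logs posted above.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code (R0, O2, O20, O23, ...)
# followed by " - ". The "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+?)\s*$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return the set of (section, body) tuples found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def newly_visible(before, after):
    """Entries present in `after` but absent from `before`, grouped by section."""
    grouped = defaultdict(list)
    for section, body in sorted(parse_entries(after) - parse_entries(before)):
        grouped[section].append(body)
    return dict(grouped)


def orphaned(log_text):
    """Entries whose target file is gone but whose registry reference remains."""
    return sorted(e for e in parse_entries(log_text) if e[1].endswith(MISSING))


# Excerpt of the first scan (run as HijackThis.exe), copied from the thread.
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\RunServices: [RPC Service] zvoe.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
"""

# Excerpt of the second scan (run after the rename), copied from the thread.
SCAN_2 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {1A4886E2-7EAF-495B-A191-CAB5D9347D6D} - C:\WINDOWS\System32\nnnolmm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E7279B8-5B8C-4215-A771-B69D830FD9F0} - C:\WINDOWS\System32\pmkjh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\RunServices: [RPC Service] zvoe.exe
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\l28mlcl11fq.dll (file missing)
O20 - Winlogon Notify: nnnolmm - C:\WINDOWS\SYSTEM32\nnnolmm.dll
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\System32\pmkjh.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
"""

if __name__ == "__main__":
    print("Entries only visible in the second scan:")
    for section, bodies in newly_visible(SCAN_1, SCAN_2).items():
        for body in bodies:
            print(f"  {section} - {body}")
    print("Entries pointing at a missing file:")
    for section, body in orphaned(SCAN_2):
        print(f"  {section} - {body}")
```

The diff is a list of what became visible, not a verdict: the Spybot SDHelper.dll entry appears in it alongside nnnolmm.dll and pmkjh.dll, so each line still needs review.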

#4
Crustyoldbloke


    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Matt and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual’s settings, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite a mixture of malware and Trojans including a ConHook infection, which is the downloader for Vundo; as I thought, it was hiding. Let’s see what we can do.

Firstly, could you please disable Windows Defender. Open Windows Defender. Click Tools, and then click General Settings. Under Protection options, clear the Use Windows Defender to help protect my computer check box. Then click Save.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log, from normal mode, in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If VundoFix does not find and delete the files, please try running it a bit differently:
  • Double-click VundoFix.exe to run it.
  • You will receive a message saying Vundofix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click Scan for Vundo button.
  • Once the scan is complete, right-click inside the listbox (white box) and click Add more files?
  • Copy & paste the 2 entries below into the top 2 boxes:
    • C:\WINDOWS\System32\pmkjh.dll
    • C:\WINDOWS\System32\hjkmp.*
  • Click Add Files and click Close Window.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log, from normal mode.

  • 0

#5
matt66666


    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OK, brilliant, here are the logs you asked for.

VundoFix V6.1.5

Checking Java version...

Java version is 1.5.0.6

Scan started at 9:55:35 PM 12/09/2006

Listing files found while scanning....

C:\WINDOWS\system32\fccywvv.dll
C:\WINDOWS\system32\ljjgdab.dll
C:\WINDOWS\system32\ljjhhff.dll
C:\WINDOWS\system32\mljiihi.dll
C:\WINDOWS\system32\nnnolmm.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.bak2
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\tuvsrqo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fccywvv.dll
C:\WINDOWS\system32\fccywvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjgdab.dll
C:\WINDOWS\system32\ljjgdab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjhhff.dll
C:\WINDOWS\system32\ljjhhff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljiihi.dll
C:\WINDOWS\system32\mljiihi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnolmm.dll
C:\WINDOWS\system32\nnnolmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.bak2
C:\WINDOWS\system32\hjkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\hjkmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvsrqo.dll
C:\WINDOWS\system32\tuvsrqo.dll Has been deleted!

Performing Repairs to the registry.
Done!





Logfile of HijackThis v1.99.1
Scan saved at 10:11:33 PM, on 12/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Kirby Alarm\kirbyalarm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bestwood\Desktop\anti virus\crusty.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {1A4886E2-7EAF-495B-A191-CAB5D9347D6D} - C:\WINDOWS\System32\nnnolmm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E7279B8-5B8C-4215-A771-B69D830FD9F0} - C:\WINDOWS\System32\pmkjh.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [whc542a9] RUNDLL32.EXE w01a39fd.dll,n 003542a60000000a01a39fd
O4 - HKLM\..\Run: [Workflow] Q:\Workflow.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [RPC Service] zvoe.exe
O4 - HKLM\..\RunServices: [Mgsgi service] gjiys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Kirby Alarm.lnk = C:\Program Files\Kirby Alarm\kirbyalarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Bet Hold'em Poker - {1BB3B2DD-30A2-4231-9547-B61760F0BF86} - C:\Program Files\betholdemMPP\MPPoker.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104687630078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156697673593
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn....easeInstall.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\l28mlcl11fq.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\chrtcli.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
  • 0

#6
matt66666


    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Also, shall I keep Windows Defender disabled?
  • 0

#7
Crustyoldbloke


    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Matt

Yes, please keep Windows Defender disabled until you are declared clean.

To start, please download the following programmes; we will run them later. Please save them to a place that you will remember; I suggest the Desktop:

CCleaner
Ewido Anti Spyware
combofix.exe

Go to Start>Run and type Services.msc then hit OK
Scroll down and find this service:

windows logon

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then OK.

Run HiJackThis. Click on None of the above, just start the program. Now, click on the Config button (bottom right), then click on Misc Tools, then click on Delete an NT Service; a window will pop up. Enter this item into that field (copy and paste):

windows logon

Click OK.

It should pull up information about the service. When it asks if you want to reboot now, click YES.

Please install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Deselect "Only if threats were found"
  • Close Ewido. Do not run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

  • In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {1A4886E2-7EAF-495B-A191-CAB5D9347D6D} - C:\WINDOWS\System32\nnnolmm.dll (file missing)
O2 - BHO: (no name) - {7E7279B8-5B8C-4215-A771-B69D830FD9F0} - C:\WINDOWS\System32\pmkjh.dll (file missing)
O4 - HKLM\..\Run: [whc542a9] RUNDLL32.EXE w01a39fd.dll,n 003542a60000000a01a39fd
O4 - HKLM\..\RunServices: [RPC Service] zvoe.exe
O4 - HKLM\..\RunServices: [Mgsgi service] gjiys.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/S.../Sidesearch.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn....easeInstall.cab
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\l28mlcl11fq.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\chrtcli.dll (file missing)
O23 - Service: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these files (if present) using Search:

w01a39fd.dll
zvoe.exe
gjiys.exe


Close Windows Explorer and Reboot normally

Now we must hide the files we revealed earlier by reversing the process; this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Applications uncheck Ewido Security Suite log, then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues.

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total please).
  • 0
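
The triage behind the fix list in post #7, as an added example that is not part of the original thread or of HijackThis itself: a small Python parser that reads HijackThis-style lines and flags entries whose target is reported missing, services with no reported owner, and a system process name registered outside system32. The sample lines are copied from the logs in this thread; the function names, section labels and flagging rules are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename, dirname, normcase
from typing import List, Optional

# Section codes seen in this thread's logs (the descriptions are labels added here).
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Run / RunServices autostart",
    "O9": "IE extra button or Tools menu item",
    "O16": "ActiveX download (DPF)",
    "O17": "Tcpip NameServer setting",
    "O20": "Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad",
    "O23": "NT service",
}

# Assumption for this example: on the XP host these names belong in C:\WINDOWS\system32.
SYSTEM_BINARIES = {"winlogon.exe", "services.exe", "lsass.exe", "smss.exe", "svchost.exe"}
SYSTEM_DIR = normcase(r"C:\WINDOWS\system32")

LINE_RE = re.compile(r"^(O\d{1,2}) - (.+)$")
# Drive-letter path ending in .exe or .dll; spaces inside the path are allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\[^*?<>|]+?\.(?:exe|dll)", re.IGNORECASE)


@dataclass
class Entry:
    code: str
    body: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_line(line):
    """Parse one log line into an Entry, or return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(1) not in SECTIONS:
        return None
    code, body = m.group(1), m.group(2)
    pm = PATH_RE.search(body)
    entry = Entry(code, body, pm.group(0) if pm else None)

    # The registry still points at a file that no longer exists.
    if body.rstrip().endswith("(file missing)"):
        entry.flags.append("target file missing (orphaned entry)")
    # HijackThis could not report an owner for the service binary.
    if code == "O23" and "Unknown owner" in body:
        entry.flags.append("service with unknown owner")
    # A well-known system process name registered from another directory.
    if entry.path:
        name = basename(entry.path).lower()
        if name in SYSTEM_BINARIES and normcase(dirname(entry.path)) != SYSTEM_DIR:
            entry.flags.append("system process name outside system32")
    return entry


def triage(log_text):
    """Return only the entries that carry at least one flag, in log order."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1A4886E2-7EAF-495B-A191-CAB5D9347D6D} - C:\WINDOWS\System32\nnnolmm.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\l28mlcl11fq.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code} [{SECTIONS[e.code]}] {e.body}")
        for flag in e.flags:
            print(f"    - {flag}")
```

A flag is a reason to review an entry, not a verdict; an orphaned entry only shows that the registry still points at a file that is gone.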

#8
matt66666

    Member

  • Topic Starter
  • 32 posts
Thanks for that, Crusty. I have posted the logs you asked for below. First, just a few questions: when I ran the scan with Ewido, with one file I got the message "the file C:/RECYCLER/NPROTECT/00002364.TXT/drxvp.exe cannot be quarantined because it is embedded in the archive C:/RECYCLER/NPROTECT/00002364.TXT do you want to delete the whole archive". I thought I should click yes but was not sure, so clicked no. Also, when removing the entries from the HijackThis log file, the very last one, O23 - Service: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe (file missing), was not there; just thought I would mention it. Anyway, your logs:


ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:33:47 13/09/2006

+ Scan result:



HKU\.DEFAULT\Software\BTGrab -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\BTGrab -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP235\A0053295.exe -> Adware.Casino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054786.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054787.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054788.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054789.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054790.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054793.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\fccywvv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ljjgdab.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ljjhhff.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\mljiihi.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\nnnolmm.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\tuvsrqo.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\pnky.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002364.TXT/drxvp.exe -> Downloader.Adload.ee : Error during cleaning.
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP207\A0036752.exe/drxvp.exe -> Downloader.Adload.ee : Error during cleaning.
C:\WINDOWS\system32\config\drxvp.exe -> Downloader.Adload.ee : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054700.exe -> Downloader.Agent.aqh : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\errorsafenewreleaseinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001888.CAB/UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Error during cleaning.
C:\RECYCLER\NPROTECT\00001889.EXE -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054743.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gkwjtqoc.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jeloqyxa.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.201:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.202:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.204:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.205:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.206:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.209:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.210:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.211:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.212:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.213:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.214:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.216:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001760.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.510:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ad-logics : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001373.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001375.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001739.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001740.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001742.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001763.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001777.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001787.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002508.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.357:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.396:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.397:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.152:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.153:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.154:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.155:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.295:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.296:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001769.TXT -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.21:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.22:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.23:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.24:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.26:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.27:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.28:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.29:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.30:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.31:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.32:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.34:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.35:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.36:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.37:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.38:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.39:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.40:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.41:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.42:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.43:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.44:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.45:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.46:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.47:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.48:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.50:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.51:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.52:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.53:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.54:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.55:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.56:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.57:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.58:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.59:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.60:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.61:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.64:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.68:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.69:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.70:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002532.TXT -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.319:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.320:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.321:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.18:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001771.TXT -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001774.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup (quarantined).
:mozilla.227:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.276:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.128:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.191:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.192:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.193:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.194:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\eoagn85o.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.199:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001779.TXT -> TrackingCookie.Cliks : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001505.TXT -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001506.TXT -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001507.TXT -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001781.TXT -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.71:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001229.TXT -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001391.TXT -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001392.TXT -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001782.TXT -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.331:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.308:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.309:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.310:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.311:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.312:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.313:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.314:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.315:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.316:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.242:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.243:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.244:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.246:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.260:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.261:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.262:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.263:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.264:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.129:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.130:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.131:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.132:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002647.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002648.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002649.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002653.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002654.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002655.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.492:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Gator : Cleaned with backup (quarantined).
:mozilla.522:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Gator : Cleaned with backup (quarantined).
:mozilla.523:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Gator : Cleaned with backup (quarantined).
:mozilla.524:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Gator : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\eoagn85o.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\eoagn85o.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.300:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.307:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.338:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.448:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.449:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.450:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.451:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.184:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.185:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.186:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.187:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.217:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.229:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.230:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.231:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.232:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.400:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.526:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.527:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][3].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001348.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001349.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001513.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001514.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001515.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001516.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001784.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001785.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001791.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.298:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.393:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
:mozilla.394:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
:mozilla.516:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.517:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.518:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.519:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.520:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.238:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Linkbuddies : Cleaned with backup (quarantined).
:mozilla.457:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.92:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.93:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001795.TXT -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.401:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.402:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.497:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.498:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.270:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.443:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.122:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.123:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.279:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.219:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001320.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001321.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001322.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001804.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002698.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002699.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.169:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001799.TXT -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.72:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.73:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.74:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.75:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.76:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.77:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001773.TXT -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
:mozilla.220:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.221:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.222:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.223:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.224:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.378:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.379:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.380:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.381:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.388:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.406:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.407:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.408:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.409:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.410:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.426:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.310:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.297:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.469:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.470:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.254:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.255:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.311:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001794.TXT -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
:mozilla.237:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.266:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
:mozilla.127:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.160:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.161:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.162:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.331:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.287:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.288:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.289:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.290:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.326:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.327:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.371:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.389:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.475:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.476:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.480:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.482:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.483:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.486:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.487:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.488:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.538:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.539:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001230.TXT -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001805.TXT -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.343:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001220.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001222.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001223.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001231.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001232.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001240.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001241.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001242.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001285.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001286.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001287.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001288.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001336.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001337.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001338.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001362.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001363.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001364.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001388.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001389.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001390.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001398.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001399.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001400.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001401.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001404.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001405.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001406.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001407.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001408.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001410.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001411.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001413.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001414.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001416.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001417.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001419.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001420.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001421.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001422.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001423.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001427.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001428.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001430.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001454.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001455.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001456.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001462.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001463.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001464.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001476.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001477.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001478.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001487.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001488.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001489.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001497.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001498.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001499.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001520.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001521.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001522.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001535.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001536.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001537.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001540.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001541.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001542.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001543.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001544.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001545.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001546.TXT -> TrackingCookie.Yi

#9
matt66666

It has cut off some logs, don't know why?

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:33:47 13/09/2006

+ Scan result:



HKU\.DEFAULT\Software\BTGrab -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\BTGrab -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP235\A0053295.exe -> Adware.Casino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054786.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054787.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054788.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054789.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054790.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054793.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\fccywvv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ljjgdab.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ljjhhff.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\mljiihi.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\nnnolmm.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\tuvsrqo.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\pnky.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002364.TXT/drxvp.exe -> Downloader.Adload.ee : Error during cleaning.
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP207\A0036752.exe/drxvp.exe -> Downloader.Adload.ee : Error during cleaning.
C:\WINDOWS\system32\config\drxvp.exe -> Downloader.Adload.ee : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054700.exe -> Downloader.Agent.aqh : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\errorsafenewreleaseinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001888.CAB/UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Error during cleaning.
C:\RECYCLER\NPROTECT\00001889.EXE -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP250\A0054743.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gkwjtqoc.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jeloqyxa.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.201:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.202:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.204:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.205:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.206:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.209:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.210:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.211:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.212:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.213:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.214:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.216:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001760.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.510:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ad-logics : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001373.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001375.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001739.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001740.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001742.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001763.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001777.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001787.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002508.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.357:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.396:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.397:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.152:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.153:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.154:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.155:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.295:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.296:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001769.TXT -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.21:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.22:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.23:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.24:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.25:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.26:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.27:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.28:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.29:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.30:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.31:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.32:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.34:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.35:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.36:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.37:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.38:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.39:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.40:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.41:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.42:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.43:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.44:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.45:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.46:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.47:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.48:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.50:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.51:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.52:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.53:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.54:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.55:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.56:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.57:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.58:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.59:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.60:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.61:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.64:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.68:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.69:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.70:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002532.TXT -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.319:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.320:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.321:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.18:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001771.TXT -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001774.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup (quarantined).
:mozilla.227:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.276:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.128:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.191:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.192:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.193:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.194:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\eoagn85o.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.199:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001779.TXT -> TrackingCookie.Cliks : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001505.TXT -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001506.TXT -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001507.TXT -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001781.TXT -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.71:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001229.TXT -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001391.TXT -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001392.TXT -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001782.TXT -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.331:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.308:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.309:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.310:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.311:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.312:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.313:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.314:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.315:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.316:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.242:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.243:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.244:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.246:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.260:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.261:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.262:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.263:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.264:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.129:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.130:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.131:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.132:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002647.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002648.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002649.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002653.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002654.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002655.TXT -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.492:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Gator : Cleaned with backup (quarantined).
:mozilla.522:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Gator : Cleaned with backup (quarantined).
:mozilla.523:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Gator : Cleaned with backup (quarantined).
:mozilla.524:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Gator : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\eoagn85o.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\eoagn85o.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.300:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.307:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.338:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.448:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.449:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.450:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.451:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.184:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.185:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.186:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.187:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.217:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.229:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.230:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.231:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.232:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.400:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.526:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.527:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Bestwood\Cookies\[email protected][3].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001348.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001349.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001513.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001514.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001515.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001516.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001784.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001785.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001791.TXT -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.298:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.393:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
:mozilla.394:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
:mozilla.516:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.517:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.518:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.519:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.520:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.238:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Linkbuddies : Cleaned with backup (quarantined).
:mozilla.457:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.92:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.93:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001795.TXT -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.401:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.402:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.497:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.498:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.270:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.443:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.122:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.123:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.279:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.219:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001320.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001321.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001322.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001804.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002698.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002699.TXT -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.169:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001799.TXT -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.72:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.73:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.74:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.75:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.76:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.77:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001773.TXT -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
:mozilla.220:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.221:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.222:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.223:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.224:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.378:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.379:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.380:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.381:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.388:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.406:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.407:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.408:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.409:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.410:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.426:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.310:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.297:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.469:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.470:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.254:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.255:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.311:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001794.TXT -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
:mozilla.237:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.266:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
:mozilla.127:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.160:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.161:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.162:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.331:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.287:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.288:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.289:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.290:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.326:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.327:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.371:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.389:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.475:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.476:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.480:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.482:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.483:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.486:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.487:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.488:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.538:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.539:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001230.TXT -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001805.TXT -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.343:C:\Documents and Settings\Bestwood\Application Data\Mozilla\Firefox\Profiles\8hmdhl9r.Default User\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001220.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001222.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001223.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001231.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001232.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001240.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001241.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001242.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001285.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001286.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001287.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001288.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001336.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001337.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001338.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001362.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001363.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001364.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001388.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001389.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001390.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001398.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001399.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001400.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001401.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001404.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001405.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001406.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001407.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001408.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001410.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001411.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001413.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001414.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001416.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001417.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001419.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001420.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001421.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001422.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001423.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001427.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001428.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001430.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001454.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001455.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001456.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001462.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001463.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001464.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001476.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001477.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001478.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001487.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001488.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001489.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001497.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001498.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001499.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001520.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001521.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001522.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001535.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001536.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001537.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001540.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001541.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001542.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001543.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001544.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001545.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001546.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001630.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001633.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001634.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001663.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001664.TXT -&

#10
matt66666

    Member

  • Topic Starter
  • Member
  • 32 posts
I checked the length but it isn't showing all the logs. Do you know why?

#11
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Too long Matt!

Post the HJT log and combofix log and the bottom portion of the Ewido log.

#12
matt66666

    Member

  • Topic Starter
  • Member
  • 32 posts
OK, sorry.

C:\RECYCLER\NPROTECT\00001666.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001684.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001685.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001686.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001688.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001689.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001690.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001691.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001703.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001704.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001706.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001724.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001727.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001731.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001732.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001733.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001754.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001757.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001758.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001765.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001959.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001964.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001967.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002147.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002151.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002268.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002271.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002274.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002278.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002291.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002293.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002338.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002343.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002345.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002357.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002507.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002526.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002527.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002528.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002539.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002540.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002604.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002605.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002607.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002610.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002612.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002613.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002614.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002616.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002617.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002626.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002627.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00002628.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.419:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.420:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.421:C:\RECYCLER\NPROTECT\00001730.OLD -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\moneyspl.exe -> Trojan.Kolweb.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qmc977.dll -> Trojan.Kolweb.a : Cleaned with backup (quarantined).

That's the rest.


Bestwood - 06-09-13 20:59:37.81
ComboFix 06.09.11B - Running from: C:\Documents and Settings\Bestwood\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Bestwood\Application Data\Sskdmns.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((( Files Created from 2006-08-13 to 2006-09-13 ))))))))))))))))))))))))))))))))))


2006-09-12 00:54 106,496 --a------ C:\WINDOWS\system32\atl71.dll
2006-09-11 22:08 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-09-11 21:38 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-09-08 22:13 96,768 --a------ C:\WINDOWS\system32\UnPoker.exe
2006-09-07 13:30 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-09-07 13:30 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-09-07 13:30 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-08-30 18:18 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2006-08-30 18:13 45,056 --a------ C:\WINDOWS\system32\UserDir98.dll
2006-08-30 18:13 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2006-08-30 18:13 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2006-08-30 18:11 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2006-08-30 18:11 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2006-08-30 18:11 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2006-08-30 18:11 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2006-08-27 18:40 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-27 16:24 98,304 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2006-08-27 16:24 79,622 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2006-08-27 16:24 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2006-08-27 16:24 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2006-08-27 16:24 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2006-08-23 17:19 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-08-23 00:31 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-23 00:31 5,906,432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-23 00:31 457,728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-23 00:31 175,616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-23 00:18 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-23 00:13 11,776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-23 00:11 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-23 00:10 61,440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-23 00:09 262,656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-22 23:36 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-22 20:37 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-08-22 20:37 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-08-22 20:37 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-08-22 20:34 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-08-22 20:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-08-22 20:34 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-08-22 20:34 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-08-22 20:33 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-08-22 20:33 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-08-22 20:33 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-08-22 20:33 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-08-22 20:33 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-08-22 20:33 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-08-22 20:33 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-08-22 20:33 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-08-22 20:33 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-08-22 20:33 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-08-22 20:33 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-08-22 20:33 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-08-22 20:33 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-08-22 20:22 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-08-22 14:43 5,606 --a------ C:\WINDOWS\system32\stci.dll
2006-08-21 20:38 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-08-21 20:38 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-08-21 17:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-13 20:54 -------- d-------- C:\Program Files\CCleaner
2006-09-13 19:30 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-13 19:03 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-12 23:32 -------- d-------- C:\Program Files\ladbrokesMPP
2006-09-12 22:52 -------- d-------- C:\Documents and Settings\Bestwood\Application Data\Microgaming
2006-09-12 20:13 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-11 22:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 22:03 -------- d-------- C:\Program Files\WON
2006-09-11 21:55 -------- d-------- C:\Program Files\Internet Explorer
2006-09-11 20:10 -------- d-------- C:\Program Files\William Hill Poker
2006-09-11 19:14 -------- d-------- C:\Program Files\betholdemMPP
2006-09-09 20:09 -------- d-------- C:\Program Files\PacificPoker
2006-09-08 22:03 -------- d-------- C:\Program Files\Kirby Alarm
2006-09-08 19:41 -------- d-------- C:\Program Files\stanjamesgibMPP
2006-09-08 19:19 -------- d-------- C:\Program Files\StanJames
2006-09-07 23:14 -------- d---s---- C:\Documents and Settings\Bestwood\Application Data\Microsoft
2006-09-07 13:30 -------- d-------- C:\Program Files\directx
2006-09-04 17:27 -------- d-------- C:\Program Files\RadioXpi
2006-09-03 21:10 -------- d-------- C:\Program Files\Windows Defender
2006-09-03 21:10 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-02 18:14 -------- d-------- C:\Program Files\PokerStove
2006-09-02 18:07 -------- d-------- C:\Program Files\PokerOffice
2006-08-30 23:49 -------- d-------- C:\Program Files\FinePixViewer
2006-08-30 23:49 -------- d-------- C:\Documents and Settings\Bestwood\Application Data\FUJIFILM
2006-08-30 18:19 -------- d-------- C:\Program Files\PIXELA
2006-08-30 18:18 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-30 18:11 -------- d-------- C:\Program Files\REGSHAVE
2006-08-27 22:00 -------- d-------- C:\Program Files\Windows Media Player
2006-08-27 19:03 -------- d-------- C:\Documents and Settings\Bestwood\Application Data\Sun
2006-08-27 18:56 -------- d-------- C:\Program Files\Java
2006-08-27 18:54 -------- d-------- C:\Program Files\Common Files\Java
2006-08-27 18:54 -------- d-------- C:\Program Files\Common Files
2006-08-27 18:41 -------- d-------- C:\Program Files\WindowsUpdate
2006-08-27 17:25 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-27 17:19 -------- d-------- C:\Program Files\OfficeUpdate11
2006-08-27 16:59 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-27 16:25 -------- d-------- C:\Program Files\EPSON
2006-08-24 18:06 -------- d-------- C:\Program Files\Messenger
2006-08-24 17:55 -------- d-------- C:\Program Files\Outlook Express
2006-08-24 17:55 -------- d-------- C:\Program Files\Common Files\System
2006-08-24 01:04 -------- d-------- C:\Program Files\MSN Games
2006-08-23 22:44 -------- d-------- C:\Program Files\MyWay
2006-08-23 18:23 -------- d-------- C:\Program Files\Movie Maker
2006-08-23 18:07 -------- d-------- C:\Program Files\Windows NT
2006-08-23 18:07 -------- d-------- C:\Program Files\NetMeeting
2006-08-23 00:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-23 00:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-23 00:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-23 00:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-23 00:17 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-23 00:17 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-23 00:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-23 00:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-23 00:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-23 00:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-23 00:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-23 00:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-23 00:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-23 00:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-23 00:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-23 00:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-23 00:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-22 23:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-22 23:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-22 22:25 -------- d-------- C:\Documents and Settings\Bestwood\Application Data\Talkback
2006-08-22 14:43 -------- d-------- C:\Program Files\Thomson
2006-08-22 14:40 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-22 14:16 -------- d-------- C:\Program Files\Kazaa
2006-08-22 14:15 -------- d-------- C:\Program Files\ScanPanel
2006-08-21 22:43 -------- d-------- C:\Documents and Settings\Bestwood\Application Data\Lavasoft
2006-08-21 22:36 -------- d-------- C:\Documents and Settings\Bestwood\Application Data\Google
2006-08-21 20:52 -------- d-------- C:\Program Files\Google
2006-08-21 20:49 -------- d-------- C:\Program Files\Lavasoft
2006-08-21 20:39 -------- d-------- C:\Documents and Settings\Bestwood\Application Data\AVG7
2006-08-21 20:38 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-21 20:38 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-08-21 20:38 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-21 20:38 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-08-21 20:38 -------- d-------- C:\Program Files\Grisoft
2006-08-21 17:15 -------- d-------- C:\Program Files\CleanUp!
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-13 09:48 202240 --a------ C:\WINDOWS\system32\drivers\rmcast.sys
2006-06-29 08:05 26112 --------- C:\WINDOWS\system32\idndl.dll
2006-06-29 08:05 23552 --------- C:\WINDOWS\system32\normaliz.dll
2006-06-28 17:59 24576 --------- C:\WINDOWS\system32\nlsdl.dll
2006-06-22 06:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 06:06 1435648 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PE2CKFNT SE"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 2 SE\\ChkFont.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"Workflow"="Q:\\Workflow.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"EPSON Stylus C46 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /O6 \"USB001\" /M \"Stylus C46\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfwz"="C:\\PROGRA~1\\COMMON~1\\mfwz\\mfwzm.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mfwz"="C:\\PROGRA~1\\COMMON~1\\mfwz\\mfwzm.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{1A4886E2-7EAF-495B-A191-CAB5D9347D6D}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:0000009d

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 13/09/2006 21:02:32.60
ComboFix.txt


Logfile of HijackThis v1.99.1
Scan saved at 9:20:20 PM, on 13/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Kirby Alarm\kirbyalarm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Bestwood\Desktop\anti virus\crusty.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Workflow] Q:\Workflow.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Kirby Alarm.lnk = C:\Program Files\Kirby Alarm\kirbyalarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Bet Hold'em Poker - {1BB3B2DD-30A2-4231-9547-B61760F0BF86} - C:\Program Files\betholdemMPP\MPPoker.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104687630078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156697673593
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{39831B4C-7179-40D2-9BD2-4929E58C5CF9}: NameServer = 212.67.120.148 212.67.96.129
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

  • 0

#13
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
I just looked at the HJT log - appears to be OK.

I haven't closely looked at the ComboFix log yet, and I have to be away for a couple of hours now.

If you want to get rid of those Norton Protect files, here's how.
  • On the desktop, right-click the Norton Protected Recycle Bin icon.
  • Click Properties.
  • On the Norton Protection tab, UNcheck Enable Protection.
  • Click OK.
  • Restart the computer – after reboot empty the Recycle Bin.
  • On the desktop, right-click the Norton Protected Recycle Bin icon.
  • Click Properties.
  • On the Norton Protection tab, check Enable Protection.
  • Click OK.
How's the PC running?
  • 0

#14
matt66666

    Member

  • Topic Starter
  • 32 posts
That's OK Crusty, take your time, I am not in a hurry. I am not sure what you mean by Norton Protected Recycle Bin: I don't have any Norton icons on my desktop and my normal Recycle Bin does not have a Norton tab when you right-click. Anyway, the PC starts a lot quicker and does not pause for a long time when you click on an icon or program, for example My Documents. It definitely seems to be running better and there is no start-up error. Thanks very much for your time, look forward to hearing from you.
  • 0

#15
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
My apologies for your wait.

Congratulations! Your new log is clean. :whistling: Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

I recommend going to the following link and updating as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update

MVPS Hosts file - This replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.

SiteAdvisor - Download this plug-in for your browser and it will alert you to a known bad site for FREE.

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
WINDOWS DEFENDER - With daily updates and scans, this programme offers good security against malware.
AD-AWARE PERSONAL – A fine free malware detector and removal programme
SPYBOT S&D – Excellent free spyware detector and removal programme
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programme for “on demand” scanning, having two or more antivirus systems is not recommended as they may well cause conflicts and slowness.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated. :blink:

It just remains for me to wish you happy safe surfing; I hope you found my advice helpful.
  • 0
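The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread: a small parser that shows which names a HOSTS file sends to the local machine, which fall through to normal DNS, and which are redirected to some other address and deserve a second look after a cleanup. The sample entries are constructed (placeholder names under example.com / example.net, not the real MVPS list), and keeping the first entry for a duplicated name is an assumption.

```python
import ipaddress

# Constructed sample in the style of a blocking HOSTS file.
# Host names are placeholders, not real ad servers.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS list
127.0.0.1       localhost
127.0.0.1       ads.example.com   banners.example.com  # two names, one line
127.0.0.1       Tracker.Example.NET
0.0.0.0         popups.example.com
203.0.113.7     update.example.com   # non-loopback: a redirect, not a block
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Return (mapping, skipped): lower-cased host name -> IP string,
    plus (line number, raw line) for lines that could not be parsed."""
    mapping, skipped = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            skipped.append((lineno, raw))
            continue
        if len(fields) < 2:                       # address with no host name
            skipped.append((lineno, raw))
            continue
        for name in fields[1:]:
            # Assumption: the first entry seen for a name is the one kept.
            mapping.setdefault(name.lower(), str(ip))
    return mapping, skipped


def classify(ip_text):
    """'blocked' for loopback or unspecified addresses, else 'redirected'."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirected"


def lookup(mapping, hostname):
    """Exact, case-insensitive match only: HOSTS files have no wildcards,
    so an entry for ads.example.com does not cover cdn.ads.example.com."""
    ip = mapping.get(hostname.lower())
    if ip is None:
        return ("dns", None)                      # resolved by normal DNS
    return (classify(ip), ip)


def audit(mapping):
    """Names mapped to a non-loopback address. A blocking list never needs
    these, so each one should be explained or removed."""
    return sorted(n for n, ip in mapping.items() if classify(ip) == "redirected")


if __name__ == "__main__":
    hosts, bad = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.com", "cdn.ads.example.com", "update.example.com"):
        print(name, "->", lookup(hosts, name))
    print("review:", audit(hosts))
    print("unparsed lines:", [n for n, _ in bad])
```
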





