View Full Version : xlibgfl254.dll and pesttrap
Hi everyone! I've recently found that I have the xlibgfl254.dll file on my system that I can't get rid of. I also have that horrible pesttrap program that I can't get rid of either. Here are my HJT log and Panda Scan log.
Thanks very much for this forum. These thing are driving me crazy!
a)HJT
Logfile of HijackThis v1.99.1
Scan saved at 4:19:29 PM, on 3/16/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe
C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Ares Ultra\Ares Ultra.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\antivir.exe
C:\hijackthis\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {EBDAE3FC-0E4F-29BC-6B90-2380003B52B3} - C:\WINDOWS\System32\ikvc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs:
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
b) Panda Scan
Incident Status Location
Adware:Adware/SpySheriff Not disinfected C:\winstall.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\?racle\spool32.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\explorer.dll
Spyware:Generic Adware Not disinfected C:\WINDOWS\SYSTEM32\ntsystem.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\run2.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@hitbox[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@questionmarket[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@ehg-idg.hitbox[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@2o7[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@atdmt[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@mediaplex[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@statse.webtrendslive[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@microsofteup.112.2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@ads.pointroll[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@trafficmp[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@statcounter[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@advertising[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@servedby.advertising[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@advertising[3].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@tribalfusion[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@maxserving[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@doubleclick[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@ad.yieldmanager[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@media.fastclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@fastclick[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@club.cdfreaks[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Caryn\Cookies\caryn@as-us.falkag[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Caryn_2\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Caryn_2\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Caryn_2\Desktop\smitrem\smitRem\Process.exe
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@www.burstbeacon[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@doubleclick[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@statse.webtrendslive[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@tribalfusion[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@statse.webtrendslive[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@2o7[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@overture[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@zedo[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@toplist[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@atdmt[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@ct.360i[1].txt
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@versiontracker[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@club.cdfreaks[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@statse.webtrendslive[3].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@bs.serving-sys[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@ads.pointroll[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@bravenet[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@cgi-bin[3].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@overture[3].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@com[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@serving-sys[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@adtech[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@perf.overture[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@trafficmp[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@112.2o7[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Caryn_2\Cookies\caryn_2@bs.serving-sys[2].txt
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\Caryn_2\Application Data\xlibgfl254.dll
Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\Ma\Local Settings\Temporary Internet Files\Content.IE5\M5JCH0N6\n[1].anr
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Ma\Local Settings\Temporary Internet Files\Content.IE5\SN1JEUN9\n[1].exe
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Ma\Local Settings\Temporary Internet Files\Content.IE5\HCOVXL0P\antivir[1].exe
Virus:VBS/Psyme.C Disinfected C:\Documents and Settings\Ma\Local Settings\Temporary Internet Files\Content.IE5\1NRJPLSE\index[1].htm
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ma\Cookies\ma@mediaplex[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ma\Cookies\ma@doubleclick[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ma\Cookies\ma@serving-sys[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ma\Cookies\ma@casalemedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Ma\Cookies\ma@revenue[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Ma\Cookies\ma@landing.domainsponsor[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ma\Cookies\ma@belnk[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Ma\Cookies\ma@ads.addynamix[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ma\Cookies\ma@hitbox[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Ma\Cookies\ma@apmebf[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ma\Cookies\ma@advertising[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Ma\Cookies\ma@counter.hitslink[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Ma\Cookies\ma@bluestreak[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ma\Cookies\ma@2o7[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ma\Cookies\ma@tribalfusion[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ma\Cookies\ma@statse.webtrendslive[2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Ma\Cookies\ma@data.coremetrics[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Ma\Cookies\ma@drivecleaner[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ma\Cookies\ma@statcounter[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ma\Cookies\ma@doubleclick[3].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ma\Cookies\ma@overture[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ma\Cookies\ma@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ma\Cookies\ma@mediaplex[3].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ma\Cookies\ma@hitbox[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ma\Cookies\ma@advertising[4].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ma\Cookies\ma@fastclick[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ma\Cookies\ma@com[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ma\Cookies\ma@tradedoubler[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ma\Cookies\ma@server.iad.liveperson[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Ma\Cookies\ma@bfast[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ma\Cookies\ma@dist.belnk[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ma\Cookies\ma@tribalfusion[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ma\Cookies\ma@bs.serving-sys[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ma\Cookies\ma@go[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ma\Cookies\ma@zedo[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ma\Cookies\ma@2o7[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ma\Cookies\ma@atwola[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ma\Cookies\ma@ads.pointroll[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ma\Cookies\ma@realmedia[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ma\Cookies\ma@questionmarket[3].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Ma\Cookies\ma@bluestreak[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ma\Cookies\ma@atdmt[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ma\Cookies\ma@advertising[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ma\Cookies\ma@questionmarket[1].txt
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\Ma\Application Data\xlibgfl254.dll
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\Craig_2\Local Settings\Temporary Internet Files\Content.IE5\3E8FZLK9\e[1].exe
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Craig_2\Local Settings\Temporary Internet Files\Content.IE5\YDT2BQLS\n[1].exe
Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\Craig_2\Local Settings\Temporary Internet Files\Content.IE5\9NFJDP8E\e[1].anr
Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\Craig_2\Local Settings\Temporary Internet Files\Content.IE5\O3RJ2CL1\n[1].anr
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\Craig_2\Local Settings\Temporary Internet Files\Content.IE5\O5EJ2RS1\installdrivecleanerstart[1].exe
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Documents and Settings\Craig_2\Local Settings\Temporary Internet Files\Content.IE5\Y239PNPR\SystemDoctor2006FreeInstall[1].exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@atdmt[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@bfast[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@overture[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@bravenet[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@go[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@maxserving[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@apmebf[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@qksrv[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@2o7[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@advertising[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@realmedia[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@adrevolver[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@com[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@tribalfusion[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@adrevolver[3].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@doubleclick[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@atdmt[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@mediaplex[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@findwhat[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@serving-sys[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@drivecleaner[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@hitbox[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@phg.hitbox[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@bfast[3].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@statse.webtrendslive[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@atwola[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@data.coremetrics[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@perf.overture[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@server.iad.liveperson[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@toplist[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@bs.serving-sys[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@advertising[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@questionmarket[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@2o7[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@ads.pointroll[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Craig_2\Cookies\craig_2@counter.hitslink[1].txt
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\Craig_2\Application Data\xlibgfl254.dll
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\Craig_2\Application Data\drvcleaner.exe
Adware:Adware/SpySheriff Not disinfected C:\ann.exe
Adware:Adware/SpySheriff Not disinfected C:\antivir.exe
Adware:Adware/HuntBar Not disinfected C:\John\From C\Common Files\BTLINK\BTLINK.DLL
Hacktool:Exploit/URLSpoof Not disinfected C:\John\From E\Program Files\IncrediMail\Data\Identities\{11D0D9A0-4355-11D7-B67D-0048548DD499}\Message Store\Inbox.imm[~0003971.~]
Hacktool:Exploit/URLSpoof Not disinfected C:\John\From E\Program Files\IncrediMail\Data\Identities\{11D0D9A0-4355-11D7-B67D-0048548DD499}\Message Store\Inbox.imm[~0005421.~]
Hacktool:Rootkit/Fu.A Not disinfected D:\Program Files\Internet Explorer\iexplorer.exe
Adware:Adware/eZula Not disinfected D:\WINDOWS\SYSTEM\stub.exe
Spyware:Cookie/Overture Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.overture.com/]
Spyware:Cookie/FastClick Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[hg1.hitbox.com/]
Spyware:Cookie/Sextracker Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.sextracker.com/]
Spyware:Cookie/Advertising Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[hg1.hitbox.com/]
Spyware:Cookie/CentrPort Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[hg1.hitbox.com/]
Spyware:Cookie/QuestionMarket Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[hg1.hitbox.com/]
Spyware:Cookie/Com.com Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/SexList Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.sexlist.com/]
Spyware:Cookie/Peel Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.peel.com/]
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[ehg.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[hg1.hitbox.com/]
Spyware:Cookie/Valueclick Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.valueclick.com/]
Spyware:Cookie/Bfast Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.bfast.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.targetnet.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Mediaplex Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.com.com/]
Spyware:Cookie/Euniverseads Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.euniverseads.com/]
Spyware:Cookie/Advertising Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/WebtrendsLive Not disinfected D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt[statse.webtrendslive.com/S009-00-10-19-195641-32089]
Adware:Adware/Comet Not disinfected D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU[C:/WINDOWS/TEMP/ccu/comet.cab][csbho.dll]
Adware:Adware/Comet Not disinfected D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU[C:/WINDOWS/TEMP/ccu/csbho.dll]
Hacktool:Exploit/iFrame Not disinfected D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU[C:/WINDOWS/Local Settings/Temporary Internet Files/Content.IE5/UNA3G12B/wbk1041.TMP]
Hacktool:Exploit/iFrame Not disinfected D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU[C:/WINDOWS/Local Settings/Temporary Internet Files/Content.IE5/UNA3G12B/wbk1042.TMP]
Hacktool:Exploit/iFrame Not disinfected D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU[C:/WINDOWS/Local Settings/Temporary Internet Files/Content.IE5/UNA3G12B/wbk1044.TMP]
Hacktool:Exploit/iFrame Not disinfected D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU[C:/WINDOWS/Local Settings/Temporary Internet Files/Content.IE5/UNA3G12B/wbk1045.TMP]
Potentially unwanted tool:Application/PRScheduler Not disinfected D:\WINDOWS\Start Menu\Programs\Disabled Startup Items\PowerReg Scheduler.exe
Potentially unwanted tool:Application/Reboot.A Not disinfected D:\WINDOWS\Start Menu\Programs\Disabled Startup Items\Reboot.exe
Spyware:Spyware/New.net Not disinfected F:\Program Files\NewDotNet\uninstall7_14.exe
Adware:Adware/IGetNet Not disinfected F:\WINDOWS\system32\NLNP13.dll
Potentially unwanted tool:Application/Reboot.A Not disinfected F:\WINDOWS\system32\Reboot.ex$
Adware:Adware/WinAD Not disinfected F:\WINDOWS\Downloaded Program Files\imloader.exe
Adware:Adware/Startpage.CEO Not disinfected F:\WINDOWS\Downloaded Program Files\olehelp.exe
Spyware:Spyware/New.net Not disinfected F:\WINDOWS\NDNuninstall7_14.exe
Spyware:Spyware/New.net Not disinfected F:\WINDOWS\NDNuninstall4_85.exe
Spyware:Cookie/Azjmp Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@azjmp[1].txt
Spyware:Cookie/Xiti Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@xiti[1].txt
Spyware:Cookie/WebPower Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@webpower[1].txt
Spyware:Cookie/QuestionMarket Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@questionmarket[3].txt
Spyware:Cookie/Atlas DMT Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@atdmt[2].txt
Spyware:Cookie/Barelylegal Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@c.fsx[1].txt
Spyware:Cookie/Overture Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@perf.overture[1].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ath.belnk[1].txt
Spyware:Cookie/Xmts Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@xmts[1].txt
Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@zedo[3].txt
Spyware:Cookie/Doubleclick Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@doubleclick[1].txt
Spyware:Cookie/Powerscan Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@gammae[2].txt
Spyware:Cookie/E-eliminator Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@evidence-eliminator[2].txt
Spyware:Cookie/Mircx Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@pop.mircx[1].txt
Spyware:Cookie/Com.com Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@terra.com[1].txt
Spyware:Cookie/Yadro Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@yadro[2].txt
Spyware:Cookie/CWS Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@coolwebsearch[1].txt
Spyware:Cookie/LinkExchange Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@linkexchange[1].txt
Spyware:Cookie/Banner Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@banner[1].txt
Spyware:Cookie/360i Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ct.360i[1].txt
Spyware:Cookie/Atwola Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@atwola[3].txt
Spyware:Cookie/Target Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@target[1].txt
Spyware:Cookie/Com.com Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@com[2].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@belnk[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@smni[2].txt
Spyware:Cookie/Adserver Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@z1.adserver[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@desktop.kazaa[1].txt
Spyware:Cookie/Tribalfusion Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@tribalfusion[3].txt
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@serving-sys[2].txt
Spyware:Cookie/Tickle Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@tickle[4].txt
Spyware:Cookie/Go Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@go[1].txt
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@bs.serving-sys[3].txt
Spyware:Cookie/Traffic Marketplace Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@trafficmp[1].txt
Spyware:Cookie/2o7 Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@112.2o7[4].txt
Spyware:Cookie/Azjmp Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@azjmp[2].txt
Spyware:Cookie/Bluestreak Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@bluestreak[3].txt
Spyware:Cookie/adultfriendfinder Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@adultfriendfinder[2].txt
Spyware:Cookie/QkSrv Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@qksrv[1].txt
Spyware:Cookie/Casalemedia Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@casalemedia[1].txt
Spyware:Cookie/Atwola Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@atwola[2].txt
Spyware:Cookie/Statcounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@statcounter[1].txt
Spyware:Cookie/Adrevolver Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@adrevolver[1].txt
Spyware:Cookie/Hbmediapro Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@adopt.hbmediapro[3].txt
Spyware:Cookie/Searchportal Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@searchportal.information[2].txt
Spyware:Cookie/Apmebf Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@apmebf[1].txt
Spyware:Cookie/WUpd Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@revenue[1].txt
Spyware:Cookie/YieldManager Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ad.yieldmanager[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@trafficmp[2].txt
Spyware:Cookie/QuestionMarket Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@questionmarket[1].txt
Spyware:Cookie/Casalemedia Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@casalemedia[3].txt
Spyware:Cookie/Adrevolver Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@adrevolver[3].txt
Spyware:Cookie/BurstBeacon Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@www.burstbeacon[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@offeroptimizer[1].txt
Spyware:Cookie/PointRoll Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ads.pointroll[3].txt
Spyware:Cookie/Bfast Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@bfast[2].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@dist.belnk[3].txt
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@serving-sys[3].txt
Spyware:Cookie/Adserver Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@z1.adserver[1].txt
Spyware:Cookie/CentrPort Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@centrport[2].txt
Spyware:Cookie/Overture Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@overture[3].txt
Spyware:Cookie/Maxserving Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@maxserving[1].txt
Spyware:Cookie/AdDynamix Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ads.addynamix[4].txt
Spyware:Cookie/Hitbox Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ehg.hitbox[2].txt
Spyware:Cookie/2o7 Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@2o7[4].txt
Spyware:Cookie/RealMedia Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@realmedia[3].txt
Spyware:Cookie/Peel Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@peel[2].txt
Spyware:Cookie/Coremetrics Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@data.coremetrics[2].txt
Spyware:Cookie/RealMedia Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@112.2o7[1].txt
Spyware:Cookie/Valueclick Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@valueclick[1].txt
Spyware:Cookie/Overture Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@overture[5].txt
Spyware:Cookie/DomainSponsor Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@domainsponsor[1].txt
Spyware:Cookie/Casalemedia Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@casalemedia[4].txt
Spyware:Cookie/Adserver Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@z1.adserver[5].txt
Spyware:Cookie/Falkag Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@as-us.falkag[1].txt
Spyware:Cookie/BurstNet Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@burstnet[1].txt
Spyware:Cookie/Tradedoubler Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@tradedoubler[1].txt
Spyware:Cookie/BurstBeacon Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@www.burstbeacon[3].txt
Spyware:Cookie/Hitbox Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-dig.hitbox[2].txt
Spyware:Cookie/Falkag Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@a.as-us.falkag[1].txt
Spyware:Cookie/FastClick Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@fastclick[1].txt
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@serving-sys[5].txt
Spyware:Cookie/Advertising Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@advertising[2].txt
Spyware:Cookie/Target Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@target[2].txt
Spyware:Cookie/WUpd Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@revenue[2].txt
Spyware:Cookie/2o7 Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@2o7[2].txt
Spyware:Cookie/CasinoKing Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@casinolasvegas[1].txt
Spyware:Cookie/Statcounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@statcounter[2].txt
Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@zedo[4].txt
Spyware:Cookie/AdDynamix Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ads.addynamix[2].txt
Spyware:Cookie/AdDynamix Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ads.addynamix[1].txt
Spyware:Cookie/Tribalfusion Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@tribalfusion[5].txt
Spyware:Cookie/Traffic Marketplace Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@trafficmp[4].txt
Spyware:Cookie/Maxserving Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@maxserving[2].txt
Spyware:Cookie/Com.com Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@com[3].txt
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@bs.serving-sys[2].txt
Spyware:Cookie/YieldManager Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ad.yieldmanager[2].txt
Spyware:Cookie/Hitbox Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@hitbox[2].txt
Spyware:Cookie/QuestionMarket Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@questionmarket[4].txt
Spyware:Cookie/Cgi-bin Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@cgi-bin[3].txt
Spyware:Cookie/PointRoll Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ads.pointroll[4].txt
Spyware:Cookie/Tribalfusion Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@tribalfusion[1].txt
Spyware:Cookie/C.porngraph Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@c.porngraph[1].txt
Spyware:Cookie/Statcounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@statcounter[5].txt
Spyware:Cookie/Mediaplex Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@mediaplex[2].txt
Spyware:Cookie/DomainSponsor Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@landing.domainsponsor[1].txt
Spyware:Cookie/XXXCounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@xxxcounter[1].txt
Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@zedo[2].txt
Spyware:Cookie/Apmebf Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@apmebf[2].txt
Spyware:Cookie/2o7 Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@2o7[1].txt
Spyware:Cookie/Linksynergy Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@linksynergy[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@targetnet[1].txt
Spyware:Cookie/MyWay Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@www.xzoomy[1].txt
Spyware:Cookie/Rightmedia Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@rightmedia[2].txt
Spyware:Cookie/Tickle Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@tickle[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@server.iad.liveperson[2].txt
Spyware:Cookie/Gator Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@gator[1].txt
Spyware:Cookie/Advertising Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@servedby.advertising[2].txt
Spyware:Cookie/WegCash Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@programs.wegcash[2].txt
Spyware:Cookie/Sextracker Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@counter2.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@counter6.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@counter16.sextracker[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@adultfriendfinder[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@cs.sexcounter[2].txt
Spyware:Cookie/PayCounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@paycounter[2].txt
Spyware:Cookie/Ccbill Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ccbill[1].txt
Spyware:Cookie/Sextracker Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@counter14.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@counter8.sextracker[1].txt
Spyware:Cookie/SexList Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@sexlist[2].txt
Spyware:Cookie/Overture Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@overture[2].txt
Spyware:Cookie/Bridgetrack Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@citi.bridgetrack[2].txt
Spyware:Cookie/Bluestreak Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@bluestreak[1].txt
Spyware:Cookie/WegCash Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@programs.wegcash[3].txt
Spyware:Cookie/FreshAuditionsDating Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@freshauditionsdating[1].txt
Spyware:Cookie/PointRoll Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ads.pointroll[1].txt
Spyware:Cookie/Atwola Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@atwola[1].txt
Spyware:Cookie/RealMedia Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@realmedia[1].txt
Spyware:Cookie/Bluestreak Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@bluestreak[2].txt
Spyware:Cookie/AdDynamix Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ads.addynamix[3].txt
Spyware:Cookie/GangbangSquad Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@www.gangbangsquad[2].txt
Spyware:Cookie/PointRoll Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ads.pointroll[2].txt
Spyware:Cookie/Falkag Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@a.as-us.falkag[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@cs.sexcounter[3].txt
Spyware:Cookie/Adserver Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@z1.adserver[3].txt
Spyware:Cookie/Cgi-bin Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@cgi-bin[4].txt
Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@dist.belnk[1].txt
Spyware:Cookie/2o7 Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@112.2o7[2].txt
Spyware:Cookie/WUpd Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@revenue[3].txt
Spyware:Cookie/Peel Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@peel[3].txt
Spyware:Cookie/Rightmedia Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@rightmedia[1].txt
Spyware:Cookie/Ccbill Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ccbill[2].txt
Spyware:Cookie/Overture Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@overture[1].txt
Spyware:Cookie/Media-motor Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@mmm.media-motor[2].txt
Spyware:Cookie/BurstBeacon Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@www.burstbeacon[2].txt
Spyware:Cookie/Maxserving Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@maxserving[3].txt
Spyware:Cookie/PayCounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@paycounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@tribalfusion[2].txt
Spyware:Cookie/C.porngraph Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@c.porngraph[2].txt
Spyware:Cookie/XXXCounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@xxxcounter[2].txt
Spyware:Cookie/Cgi-bin Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@cgi-bin[1].txt
Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@zedo[1].txt
Spyware:Cookie/Azjmp Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@azjmp[3].txt
Spyware:Cookie/Gator Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@gator[2].txt
Spyware:Cookie/Uproar Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ads.uproar[2].txt
Spyware:Cookie/Hbmediapro Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@adopt.hbmediapro[1].txt
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@serving-sys[1].txt
Spyware:Cookie/Tickle Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@tickle[1].txt
Spyware:Cookie/Statcounter Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@statcounter[3].txt
Spyware:Cookie/QuestionMarket Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@questionmarket[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@trafficmp[3].txt
Spyware:Cookie/Powerscan Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@gammae[3].txt
Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@bs.serving-sys[1].txt
Spyware:Cookie/SpywareStormer Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@spywarestormer[1].txt
Spyware:Cookie/GangbangSquad Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@gangbangsquad[2].txt
Spyware:Cookie/FreshAuditionsDating Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@freshauditionsdating[3].txt
Spyware:Cookie/WegCash Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@programs.wegcash[1].txt
Spyware:Cookie/Bridgetrack Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@citi.bridgetrack[3].txt
Spyware:Cookie/DomainSponsor Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@landing.domainsponsor[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@server.iad.liveperson[1].txt
Spyware:Cookie/DomainSponsor Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@domainsponsor[2].txt
Spyware:Cookie/Casalemedia Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@casalemedia[2].txt
Spyware:Cookie/360i Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@ct.360i[2].txt
Spyware:Cookie/QkSrv Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@qksrv[3].txt
Spyware:Cookie/2o7 Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@2o7[3].txt
Spyware:Cookie/Apmebf Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@apmebf[3].txt
Spyware:Cookie/BurstNet Not disinfected F:\Documents and Settings\caryn s\Cookies\caryn s@burstnet[2].txt
Hello spaceid and welcome to the Forums :)
You got some nasty infections there...
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
========
Please download the following program and save it to your desktop:
http://noahdfear.geekstogo.com/FindAWF.exe
Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.
Hi! Thanks for replying. Here is my info:
Combofix
ComboFix 07-03-22 - Running from: "C:\Documents and Settings\Craig_2\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\explorer.dll
C:\winstall.exe
C:\WINDOWS\start.exe
C:\DOCUME~1\CRAIG_2\APPLIC~1.\install.dat
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\WINDOWS\CURITY~1
C:\qoobox\purity\WINDOWS\SYSTEM32\RACLE~1
C:\qoobox\purity\WINDOWS\SYSTEM32\STEM32~1
C:\qoobox\purity\WINDOWS\SYSTEM32\RACLE~1\RACLE~1
C:\qoobox\purity\WINDOWS\SYSTEM32\RACLE~1\spool32.exe
C:\qoobox\purity\Program Files\Common Files\DOBE~1
((((((((((((((((((((((((((((((( Files Created from 2007-02-21 to 2007-03-21 ))))))))))))))))))))))))))))))))))
2007-03-20 16:23 <DIR> d-------- C:\Program Files\eMusic Download Manager
2007-03-20 16:23 <DIR> d-------- C:\DOCUME~1\Craig_2\APPLIC~1\InstallShield
2007-03-16 16:16 <DIR> d-------- C:\hijackthis
2007-03-15 16:19 <DIR> d-------- C:\DOCUME~1\Craig_2\APPLIC~1\Roxio
2007-03-15 16:09 <DIR> d-------- C:\Program Files\Common Files\Napster Shared
2007-03-15 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
2007-03-15 16:08 <DIR> d-------- C:\Program Files\Napster
2007-03-14 20:09 <DIR> d-------- C:\WINDOWS\Sun
2007-03-14 20:09 <DIR> d-------- C:\DOCUME~1\Caryn_2\APPLIC~1\Sun
2007-03-14 20:06 1,099,418 --a------ C:\DOCUME~1\Caryn_2\APPLIC~1\Install.dat
2007-03-14 20:06 <DIR> d-------- C:\Program Files\Java
2007-03-14 20:06 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-14 18:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-14 18:36 79,360 --a------ C:\WINDOWS\SYSTEM32\swxcacls.exe
2007-03-14 18:36 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-03-14 18:36 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-03-14 18:36 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2007-03-14 18:36 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-03-14 18:36 2,290 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-03-14 18:36 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2007-03-14 18:34 <DIR> d-------- C:\WINDOWS\pss
2007-03-14 18:13 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-03-12 21:38 <DIR> d-------- C:\Program Files\Apple Software Update
2007-03-05 11:14 29,184 --a------ C:\antivir.exe
2007-02-23 20:45 1,437,991 --a------ C:\DOCUME~1\Ma\APPLIC~1\Install.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-16 11:13 -------- d-------- C:\DOCUME~1\Craig_2\APPLIC~1\drivecleaner free
2007-02-14 16:59 124112 --a------ C:\DOCUME~1\Craig_2\APPLIC~1\drvcleaner.exe
2007-02-08 21:08 -------- d-------- C:\DOCUME~1\Craig_2\APPLIC~1\utorrent
2007-02-08 21:07 -------- d-------- C:\Program Files\utorrent
2007-02-08 21:06 -------- d-------- C:\Program Files\ares ultra
2007-01-24 21:06 -------- d-------- C:\Program Files\sony setup
2007-01-08 16:29 29184 --a------ C:\ann.exe
2006-12-30 11:30 4096 --a------ C:\WINDOWS\SYSTEM32\ntsystem.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PestTrap"="C:\\Program Files\\PestTrap\\PestTrap.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ares ultra"="\"C:\\Program Files\\Ares Ultra\\Ares Ultra.exe\" -h"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"C-Media Mixer"="Mixer.exe /startup"
"PCTVOICE"="pctspk.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"gwiz"="C:\\WINDOWS\\System32\\ntsystem.exe"
"SDR6_Check"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcsdr.exe\""
"PAS_Check"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcpas.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.google.com/intl/en_ALL/images/logo.gif
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Tune-up Application Start.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-21 18:11:02
AWF
Find AWF report by noahdfear ©2006
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
Ok good :)
Please remove any old versions of SmitFraudFix:
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)
NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
Here's the SmitFraud text:
SmitFraudFix v2.153
Scan done at 17:21:14.22, Fri 03/23/2007
Run from C:\Documents and Settings\Craig_2\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
C:\winstall.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Craig_2
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Craig_2\Application Data
C:\Documents and Settings\Craig_2\Application Data\Install.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\CRAIG_2\STARTM~1\PROGRAMS\PestTrap FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CRAIG_2\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\PestTrap\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.google.com/intl/en_ALL/images/logo.gif"
"SubscribedURL"="http://www.google.com/intl/en_ALL/images/logo.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Hi again, we'll continue :)
Before we can start the cleaning I need you to do something important.
Please download and install Windows XP Service Pack 1A -> Windows XP SP1a (http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx)
NOTE! Do NOT install Service Pack 2 yet. We'll have to get you cleaned first
You should print these instructions or save these to a text file. Follow these instructions carefully.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
==================
Open Control Panel -> Add/Remove programs -> Remove all the of the following or similar entries if found:
DriveCleaner Free
and any other programs you didn't install or don't recognize - if your not sure please ask first
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
Warning : running option #2 on a non infected computer will remove your Desktop background.
Backup your registry:
Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export form the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registryfiles (*.reg)
Click on Save and Close the window
Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll"
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.
Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.
Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.
udcsdr.exe
udcpas.exe
antivir.exe
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {EBDAE3FC-0E4F-29BC-6B90-2380003B52B3} - C:\WINDOWS\System32\ikvc.dll (file missing)
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - AppInit_DLLs:
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Go to the My Computer and delete the following files (if present):
C:\Documents and Settings \Craig_2\Application Data\drivecleaner free
C:\Documents and Settings \Craig_2\Application Data\drvcleaner.exe
C:\ann.exe
C:\antivir.exe
C:\WINDOWS\SYSTEM32\ntsystem.exe
Go to the My Computer and delete the following folders (if present):
C:\Program Files\Common Files\DriveCleaner Free
Use the Windows search Start
Search
All files and folders
More advanced options Checkmark these options: "Search system folders"
"Search hidden files and folders"
"Search subfolders"
Search for this and delete if found: xlibgfl254.dll
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
================
When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
- contents of C:\Rapport.txt
Okay I did everything in the post, but I had one problem. I could not install Windows XP SP1a. It said that my copy of windows might be pirated? This computer is pretty old, not he main one I use, and I didn't install the system on it so not sure what to do there. Other than that everything went pretty well, lol. Here are my reports:
AVG
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:28:38 PM 3/25/2007
+ Scan result:
D:\WINDOWS\SYSTEM\chktrust.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023192.dll -> Adware.Bonzo : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023202.exe -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023178.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP45\A0022141.dll -> Adware.Comet : Cleaned with backup (quarantined).
D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU/C:/WINDOWS/TEMP/ccu/CSBand.dll -> Adware.Comet : Cleaned with backup (quarantined).
D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU/C:/WINDOWS/TEMP/ccu/comet.cab/CSBand.dll -> Adware.Comet : Cleaned with backup (quarantined).
D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU/C:/WINDOWS/TEMP/ccu/comet.cab/csbho.dll -> Adware.Comet : Cleaned with backup (quarantined).
D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU/C:/WINDOWS/TEMP/ccu/csbho.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023187.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023188.DLL -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0024001.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028955.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028956.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0024003.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023205.exe -> Adware.Gator : Cleaned with backup (quarantined).
D:\WINDOWS\Application Data\Business Logic\UWC\Backup\J37370.8592762731.WCU/C:/WINDOWS/TEMP/HBINST.EXE -> Adware.Hotbar : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023215.dll -> Adware.Ilookup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023177.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023214.DLL -> Adware.MyWaySpeed : Cleaned with backup (quarantined).
D:\WINDOWS\newdotnet2_98.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\Program Files\NewDotNet\uninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023209.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023210.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023211.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023222.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023223.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023224.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023225.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023226.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\WINDOWS\NDNuninstall4_85.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\PestTrap -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\PestTrap.dvm -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\PestTrap.exe -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\Uninstall.exe -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\base.avd -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\base001.avd -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\base002.avd -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\found.wav -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\heur000.dll -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\heur001.dll -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\heur002.dll -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\heur003.dll -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\notfound.wav -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\removed.wav -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023176.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023228.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028612.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023221.dll -> Adware.RelatedLinks : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023190.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Craig_2\Desktop\SmitfraudFix\SmiUpdate.exe -> Adware.SmiUpdate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028963.exe -> Adware.SmiUpdate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023179.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023180.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023181.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023182.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0023986.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0023987.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0023988.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0023989.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023183.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0023990.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025438.dll -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025439.dll -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025440.dll -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025441.dll -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP63\A0025496.dll -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP63\A0025498.dll -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028910.dll -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028912.dll -> Adware.SpySheriff : Cleaned with backup (quarantined).
D:\WINDOWS\wt\backup\1.6.0.037\wcmdmgr.exe -> Adware.Wildtangent : Cleaned with backup (quarantined).
D:\WINDOWS\wt\updater\wcmdmgr.exe -> Adware.Wildtangent : Cleaned with backup (quarantined).
C:\John\From C\Common Files\BTLINK\BTLINK.DLL -> Adware.Wintol : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023342.dll -> Backdoor.Agent.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023454.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023459.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023466.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023478.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023482.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023488.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023521.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023527.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023532.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023537.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023557.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023577.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023602.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023611.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023624.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023634.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023643.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023650.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023655.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023659.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023664.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023671.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023675.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023681.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023685.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023695.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023704.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023716.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023725.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023734.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023747.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023752.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023761.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0024083.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0024090.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0024107.exe -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028951.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028952.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028953.dll -> Downloader.Agent.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023552.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023573.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023591.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023607.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023620.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023630.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023691.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023700.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023712.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023721.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023730.exe -> Downloader.AIO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023739.exe -> Downloader.AIO : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023218.dll -> Downloader.BHO.d : Cleaned with backup (quarantined).
C:\qoobox\purity\WINDOWS\SYSTEM32\RACLE~1\spool32.exe -> Downloader.PurityScan.da : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028939.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028947.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023336.exe -> Downloader.Small.dmj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP49\A0023160.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP49\A0023167.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023229.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023232.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023269.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023281.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023287.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023293.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023300.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023306.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023312.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023317.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023323.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023329.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028940.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028950.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
D:\Program Files\Internet Explorer\iexplorer.exe -> Dropper.Agent.bs : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023339.dll -> Dropper.Mudrop.w : Cleaned with backup (quarantined).
C:\WINDOWS\run2.exe -> Dropper.VB.nn : Cleaned with backup (quarantined).
F:\WINDOWS\Downloaded Program Files\imloader.exe -> Not-A-Virus.Downloader.Win32.ImLoader.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP49\A0023164.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP49\A0023172.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP49\A0023173.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023175.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP50\A0023186.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023279.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023285.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023291.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023297.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023298.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023304.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023310.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023321.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023327.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023333.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP53\A0023349.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP54\A0023357.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP55\A0023364.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP55\A0023370.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP55\A0023375.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023467.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023487.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023553.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023665.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023680.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023690.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP59\A0023778.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0024118.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP61\A0024126.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP61\A0024134.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP61\A0024143.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0024388.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025360.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025373.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025383.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025392.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025407.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025427.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025434.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025452.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025460.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025471.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP63\A0025484.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP63\A0025492.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP64\A0025514.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0025540.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0026535.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0027535.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0028535.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0028544.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0028557.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0028565.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028577.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028587.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028597.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028598.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028608.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028613.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028624.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028682.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028715.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028723.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028850.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028862.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP68\A0028882.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP69\A0028893.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028907.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028930.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028948.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028949.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\caryn s\Cookies\caryn s@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\caryn s\Cookies\caryn s@112.2o7[4].txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\caryn s\Cookies\caryn s@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\caryn s\Cookies\caryn s@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\caryn s\Cookies\caryn s@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\caryn s\Cookies\caryn s@2o7[4].txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\caryn s\Cookies\caryn s@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\caryn s\Cookies\caryn s@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Ad-flow : Cleaned with backup (quarantined).
:mozilla.109:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Ad-logics : Cleaned with backup (quarantined).
:mozilla.111:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Ad-logics : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.addynamix[3].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.addynamix[4].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@z1.adserver[3].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@z1.adserver[5].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.113:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.114:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.115:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.116:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.117:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.118:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.119:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.120:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.121:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.122:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.123:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.124:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.125:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.126:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.127:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.128:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.129:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.130:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.131:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.132:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.133:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.24:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.73:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.122:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.123:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.124:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.125:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.126:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.127:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.128:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.129:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.130:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.131:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.132:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.133:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.24:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.73:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads04.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@citi.bridgetrack[3].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@rccl.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.98:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Brilliantdigital : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@casalemedia[4].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@banner.casinolasvegas[2].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@casinolasvegas[1].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup (quarantined).
:mozilla.30:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@cj[2].txt -> TrackingCookie.Cj : Cleaned with backup (quarantined).
:mozilla.11:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Clickagents : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.guardian.co[2].txt -> TrackingCookie.Co : Cleaned with backup (quarantined).
:mozilla.45:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.46:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.47:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.92:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@com[3].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.7:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
:mozilla.8:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@stat.dealtime[3].txt -> TrackingCookie.Dealtime : Cleaned with backup (quarantined).
:mozilla.86:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ad.doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@e-2dj6wjk4gjczelo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@e-2dj6wjl4qjdpwaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@e-2dj6wjlyaoajado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.110:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@a.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.10:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@gator[1].txt -> TrackingCookie.Gator : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@gator[2].txt -> TrackingCookie.Gator : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@www.hightrafficads[2].txt -> TrackingCookie.Hightrafficads : Cleaned with backup (quarantined).
:mozilla.16:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.17:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.29:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.31:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.36:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.61:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.62:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.63:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.64:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.65:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.67:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-cafepress.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-newsinternational.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-nokiafin.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-sonyelec.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-sonyny.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-sonyvaio.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg-space.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.81:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.87:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@search.msn[1].txt -> TrackingCookie.Msn : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@search.msn[2].txt -> TrackingCookie.Msn : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@search.msn[3].txt -> TrackingCookie.Msn : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@search.msn[4].txt -> TrackingCookie.Msn : Cleaned with backup (quarantined).
:mozilla.9:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@overture[3].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@overture[5].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.pointroll[4].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@c.porngraph[1].txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@c.porngraph[2].txt -> TrackingCookie.Porngraph : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@stats3.porntrack[1].txt -> TrackingCookie.Porntrack : Cleaned with backup (quarantined).
:mozilla.6:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.76:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@qksrv[3].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.32:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@questionmarket[3].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@questionmarket[4].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@real[2].txt -> TrackingCookie.Real : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@real[3].txt -> TrackingCookie.Real : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@real[4].txt -> TrackingCookie.Real : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@real[5].txt -> TrackingCookie.Real : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@real[6].txt -> TrackingCookie.Real : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.realcastmedia[3].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@realmedia[3].txt -> TrackingCookie.Realmedia : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@revenue[3].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@revsci[2].txt -> TrackingCookie.Revsci : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@revsci[3].txt -> TrackingCookie.Revsci : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@edge.ru4[3].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@edge.ru4[5].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@bs.serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@serving-sys[5].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@cs.sexcounter[3].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.55:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.18:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.19:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.20:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@counter14.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@skype[2].txt -> TrackingCookie.Skype : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@spinbox[2].txt -> TrackingCookie.Spinbox : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@statcounter[3].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@statcounter[5].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.77:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.74:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.79:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.80:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@trafficmp[3].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@trafficmp[4].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@tribalfusion[3].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@tribalfusion[5].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@premiumnetworkrocks.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.70:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.71:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.136:D:\WINDOWS\Application Data\Mozilla\Profiles\default\39drx45f.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@clickthrough.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@clickthrough.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@free.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@free.wegcash[4].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@programs.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@programs.wegcash[3].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.x10[1].txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.x10[2].txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ads.x10[4].txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@c1.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@zedo[3].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Cookies\caryn s@zedo[4].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP60\A0024114.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP61\A0024122.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP61\A0024130.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP61\A0024139.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0024355.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025355.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025368.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025377.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025388.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025403.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025416.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025418.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025432.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025456.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP62\A0025467.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP63\A0025504.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0025531.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0026531.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0027531.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0028531.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0028540.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP66\A0028548.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028573.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028583.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028593.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028602.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028615.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028678.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028711.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028719.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028839.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP67\A0028865.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP68\A0028876.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP68\A0028886.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028905.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028937.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP49\A0023155.exe -> Trojan.Agent.rx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023337.dll -> Trojan.Agent.rx : Cleaned with backup (quarantined).
F:\WINDOWS\Downloaded Program Files\olehelp.exe -> Trojan.Bizten.q : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP52\A0023341.exe -> Trojan.Imiserv.d : Cleaned with backup (quarantined).
F:\Documents and Settings\caryn s\Local Settings\Temporary Internet Files\Content.IE5\0HYZ0TQJ\exitpop[1].htm -> Trojan.NoClose.i : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wintcc.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP63\A0025497.dll -> Trojan.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{92EC2403-EAAF-47C1-86E1-4BF9C88B3402}\RP71\A0028911.dll -> Trojan.Zlob : Cleaned with backup (quarantined).
C:\undo\backup.cab/\Device\Harddisk0\Partition1\System Volume Information\_restore{17F0CFBF-E602-40E9-90B9-D5C93F621587}\RP333\A0079486.OCM -> Worm.AimVen : Cleaned with backup (quarantined).
E:\Program Files\AIM95\icbmft.ocm -> Worm.AimVen : Cleaned with backup (quarantined).
::Report end
Hi Jack This
Logfile of HijackThis v1.99.1
Scan saved at 7:03:58 PM, on 3/25/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Ares Ultra\Ares Ultra.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: XBTBPos00 - {A50B6E91-4081-4B37-BEA1-AD98A3CD51BA} - C:\PROGRA~1\EMUSIC~2\EMUSIC~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: eMusic Toolbar - {F8CC9B08-C14F-4A5C-B73B-518AFECC067A} - C:\Program Files\eMusic Toolbar\emusicToolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174847456240
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
Rapport
SmitFraudFix v2.153
Scan done at 17:21:14.22, Fri 03/23/2007
Run from C:\Documents and Settings\Craig_2\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
C:\winstall.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Craig_2
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Craig_2\Application Data
C:\Documents and Settings\Craig_2\Application Data\Install.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\CRAIG_2\STARTM~1\PROGRAMS\PestTrap FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CRAIG_2\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\PestTrap\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.google.com/intl/en_ALL/images/logo.gif"
"SubscribedURL"="http://www.google.com/intl/en_ALL/images/logo.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Hi :)
I overlooked something :(
Backup your registry:
Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export form the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registryfiles (*.reg)
Click on Save and Close the window
Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.
Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.
You don't seem to have a third-party firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) installed. You must install one firewall.
These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
Comodo (http://www.personalfirewall.comodo.com)
You don't have an antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) on your computer, you must install one antivirus. Otherwise you'll get infected again.
These are good (free) antiviruses: AVG (http://free.grisoft.com)
Antivir (http://www.free-av.com)
Avast (http://www.avast.com)
You propably won't stay clean without the Windows Updated.
You should install a legitimate Windows.
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is faster and more secure browser than Internet Explorer.
Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)
Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with you antivirus software.
Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
Thank you Mr_JAk3.
spaceid, this topic has been archived, glad we could help.