Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

newbie seeking help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

newbie seeking help

Unread postby Dareos » February 10th, 2006, 11:38 pm

Hi guys, found this site due to the BBC report, and so far from reading through it i am most impressed. I am not a tech head in any way, my machine is used for gaming mainly, and keeping in touch with friends, im not bad with the old hardware and installation of components etc, but the software side has me baffled

anyways, the comp has been causing probs with various HD activity and slowing down a lot, so i was hoping some of you may be able to help me a little.

this, i think is the Hijackthis logfile, feel free to slap me upside the head if i got the wrong thing. All input welcomed.

Logfile of HijackThis v1.99.1
Scan saved at 03:32:27, on 11/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.ghbunyzfmi.com/UlMlp6ekQ2kCv ... k4FZE.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winsockdriver] winsock2.2.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [GlueSoftwareOnceScr] C:\Documents and Settings\All Users\Application Data\01RoadGlueSoftware\Mess face.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [meet hope] C:\DOCUME~1\Jonny\APPLIC~1\MATHAT~1\Bodyfast.exe
O4 - HKCU\..\Run: [Popup Defender] "C:\Program Files\Popup Defender\pd.exe" Minimize
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?50b0573b492d42e0aff39acd8f2c1510
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?50b0573b492d42e0aff39acd8f2c1510
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://watcherswebclubhouse.com/downloa ... module.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyonder.co.uk/html/softw ... reQual.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto ... dwnldr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



thanks in advance.
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland
Advertisement
Register to Remove

Unread postby Kimberly » February 11th, 2006, 2:12 am

Hello Dareos and welcome,

There are a few items to fix on the PC (Messenger Plus3 & LOP infection) but the worst entry is this one :

O4 - HKLM\..\Run: [winsockdriver] winsock2.2.exe

Variant of this one, possible presence of a rootkit on your computer
http://securityresponse.symantec.com/av ... .worm.html

Untill we know more about the file, You are strongly advised to do the following immediately:

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passords and transaction information.

and what ever else seems appropriate.

We can likely clean the infected files off computer but we cannot be sure that the files involved didn't do anything to your system to reduce overall system security. You could be vulnerable to another attack as soon as you connect to net again. I personally would reinstall if this happend on my computer. Please let me know your intentions if those files turn out to be what I think they are.

Please perform the following in order to gather more info:

Make sure that you can see hidden files.
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading select Show hidden files and folders.
  6. Uncheck the Hide protected operating system files (recommended) option.
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.
______________________________

Use the Start > Search function. Make sure that Local Disk (C) is listed in the dropdrown box - if not, click the arrow and select it.
Click All files and folders, and then click More advanced options.
  • Click to select the Search system folders and Search hidden files and folders check boxes.
  • Make sure that the Subfolders are checked too.
Type winsock2.2.exe in the search box and click the Search button. Write down the filepath - probably c:\windows\system32 ...

Submit the file <path to file>\winsock2.2.exe to Jotti's scanner at:
http://virusscan.jotti.org/
Post the results here in the next reply.
______________________________

Run HijackThis, click on Open the Misc Tools Section. Put a checkmark in List also minor sections and List empty sections. Click on Generate StartupList log, anwser Yes and copy/paste the content in your reply.
______________________________

Please post
  1. Jotti's scanner results
  2. HijackThis startup list
You might need several replies to post the requested logs, otherwise they might get cut off.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby Dareos » February 14th, 2006, 1:29 pm

posting from work :)

attempted to find this using search last night, but nothing was coming up under winsock2.2.exe, not sure if i am doing something wrong, so will have another go tonight.
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland

Unread postby Kimberly » February 14th, 2006, 1:39 pm

Hello Dareos,

No worries. Make sure that you are revealing the Hidden folders and files to find the file. It is possible that your antivirus already did delete the file although I don't see one running in your log.

In meanwhile I would like to see a new hijackthis log too since a few days have passed along with a startup list.

Run HijackThis, click on Open the Misc Tools Section, put a checkmark in List also minor sections and List empty sections. Click on Generate StartupList log, anwser Yes and copy/paste the content in your reply.
Click Back and Click on Scan. When the scan is finished, click Save Log and paste the content in your reply.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby Dareos » February 14th, 2006, 7:32 pm

StartupList report, 14/02/2006, 23:31:14
StartupList version: 1.52.2
Started from : C:\DOCUME~1\Jonny\LOCALS~1\Temp\Rar$EX00.066\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jonny\LOCALS~1\Temp\Rar$EX00.066\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jonny\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

UpdReg = C:\WINDOWS\UpdReg.EXE
zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
Jet Detection = "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
winsockdriver = winsock2.2.exe
WINDVDPatch = CTHELPER.EXE
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Openwares LiveUpdate = C:\Program Files\LiveUpdate\LiveUpdate.exe
nwiz = nwiz.exe /install
Logitech Utility = Logi_MwX.Exe
GlueSoftwareOnceScr = C:\Documents and Settings\All Users\Application Data\01RoadGlueSoftware\Mess face.exe
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MessengerPlus3 = "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
meet hope = C:\DOCUME~1\Jonny\APPLIC~1\MATHAT~1\Bodyfast.exe
Popup Defender = "C:\Program Files\Popup Defender\pd.exe" Minimize
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

E515D757A9564827.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://active.macromedia.com/director/cabs/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409

[{2357B3CF-7F8D-4451-8D81-FD6097610AEE}]
CODEBASE = http://watcherswebclubhouse.com/downloa ... module.exe

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab

[GSDACtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll
CODEBASE = http://launch.gamespyarcade.com/softwar ... launch.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[IntraLaunch.MainControl]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\INTRALAUNCH.OCX
CODEBASE = file://D:\SuperCD\IntraLaunch.CAB

[PreQualifier Class]
InProcServer32 = C:\WINDOWS\System32\MotivePreQual.dll
CODEBASE = http://help.blueyonder.co.uk/html/softw ... reQual.cab

[Downloader Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\dwnldr.dll
CODEBASE = http://www.stopzilla.com/_download/Auto ... dwnldr.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/products/plugin/aut ... s-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/products/plugin/aut ... s-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/products/plugin/aut ... s-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

a347bus: system32\DRIVERS\a347bus.sys (system)
a347scsi: System32\Drivers\a347scsi.sys (system)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD AGP Bus Filter Driver: System32\DRIVERS\amdagp.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative AC3 Software Decoder: System32\drivers\ctac32k.sys (manual start)
Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
Creative SBLive! Gameport: System32\DRIVERS\ctljystk.sys (manual start)
Creative Proxy Driver: System32\drivers\ctprxy2k.sys (manual start)
Creative SoundFont Management Device Driver: System32\drivers\ctsfm2k.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Creative SB Live! (WDM): system32\drivers\emu10k1m.sys (manual start)
Creative Interface Manager Driver (WDM): system32\drivers\ctlfacem.sys (manual start)
E-mu Plug-in Architecture Driver: System32\drivers\emupia2k.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver: System32\DRIVERS\FA312nd5.sys (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
iTouch Keyboard Filter: System32\DRIVERS\itchfltr.sys (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042pr2.Sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start)
LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
pavdrv: System32\DRIVERS\pavdrv51.sys (autostart)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
PSSdk21: \??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Casio Digital Camera: System32\DRIVERS\qv2kux.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Creative SoundFont Manager Driver (WDM): system32\drivers\sfmanm.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{9075DD82-48B5-4A1B-A8CD-9A8222B6319D} (manual start)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20050610.011\symidsco.sys (manual start)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Cable Modem 351000 NDIS Driver: System32\DRIVERS\usbcm.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect (WMC): c:\program files\windows media connect\mswmccds.exe (manual start)
Windows Media Connect (WMC) Helper: C:\Program Files\Windows Media Connect\mswmcls.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Jonny\LOCALS~1\Temp\GLB1A2B.EXE||C:\Documents and Settings\Jonny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-66a18b46-7de9d80d.zip => C:\DOCUME~1\Jonny\LOCALS~1\Temp\temp.fr42C3||e

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 36,667 bytes
Report generated in 0.631 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland

Unread postby Dareos » February 14th, 2006, 7:36 pm

Logfile of HijackThis v1.99.1
Scan saved at 23:36:24, on 14/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jonny\LOCALS~1\Temp\Rar$EX00.066\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.ghbunyzfmi.com/UlMlp6ekQ2kCv ... k4FZE.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winsockdriver] winsock2.2.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [GlueSoftwareOnceScr] C:\Documents and Settings\All Users\Application Data\01RoadGlueSoftware\Mess face.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [meet hope] C:\DOCUME~1\Jonny\APPLIC~1\MATHAT~1\Bodyfast.exe
O4 - HKCU\..\Run: [Popup Defender] "C:\Program Files\Popup Defender\pd.exe" Minimize
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?50b0573b492d42e0aff39acd8f2c1510
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?50b0573b492d42e0aff39acd8f2c1510
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://watcherswebclubhouse.com/downloa ... module.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyonder.co.uk/html/softw ... reQual.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto ... dwnldr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland

Unread postby Dareos » February 14th, 2006, 7:41 pm

once again i attempted to scan the drive for the winsock file, no joy (
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland

Unread postby Kimberly » February 15th, 2006, 2:52 pm

Hello Dareos,

Let's fix the PC. :)

Messenger Plus comes bundled with LOP, hence the removal suggestion.

Openwares.org : They repack programs with spyware, they spread their spyware-infested, unofficial versions of our products through half-reputable download sites such as download.com. Each program you did download from there will be likely infected. I recommend that if you remember which programs you did install from there, you remove them and you download the program from the official website.

Please download the trial version of Ewido from here:
http://www.ewido.net/en/download/
  • Install Ewido.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Click on Start, Control Panel, click on Add/Remove Programs
Look through the installed programs for the following items and remove them if present:

Messenger Plus! 3
Spyware Installer


During the uninstall process, you might be presented with several prompts to guide you through uninstalling the product. Read these carefully to make sure you are actually choosing to uninstall rather than keep the software.
______________________________

Copy/paste the following text into a new Notepad document.

cd %WinDir%\Tasks
attrib -r -s -h E515D757A9564827.job
del E515D757A9564827.job


Save it to your desktop as klj.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: klj.bat

Double click klj.bat. A DOS box should open and close quickly, this is normal.
______________________________

Your last HijackThis log was from a temp folder, use the HijackThis.exe located in C:\program files - it's essential for the backups.

Start > Run > C:\Program Files\HijackThis\HijackThis.exe

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.ghbunyzfmi.com/UlMlp6ekQ2kCv ... k4FZE.html
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [winsockdriver] winsock2.2.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [GlueSoftwareOnceScr] C:\Documents and Settings\All Users\Application Data\01RoadGlueSoftware\Mess face.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [meet hope] C:\DOCUME~1\Jonny\APPLIC~1\MATHAT~1\Bodyfast.exe

Optional :

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it

Close ALL windows and browsers except HijackThis and click Fix Checked
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
______________________________

Using Windows Explorer, Search and Delete these Folders if listed:

C:\Program Files\LiveUpdate
C:\Program Files\Messenger Plus! 3
C:\Documents and Settings\All Users\Application Data\01RoadGlueSoftware
C:\Documents and Settings\Jonny\Application Data\MATHAT~1 <-- short name, folder start with MATHAT ....
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Procede like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, click to select the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido Security Suite, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido and reboot in Normal Mode
______________________________

Please post
  1. the Ewido log
  2. A new HijackThis log
Couple of questions :
  1. Do you have other user accounts on the PC ? If yes I need a HijackThis log from each account because LOP spreads accross different accounts
  2. Do you still have Panda installed ?
  3. Do you still have Norton installed ? Which version ?
Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby Dareos » February 16th, 2006, 8:31 pm

Logfile of HijackThis v1.99.1
Scan saved at 00:20:57, on 17/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [winsockdriver] winsock2.2.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://watcherswebclubhouse.com/downloa ... module.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyonder.co.uk/html/softw ... reQual.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto ... dwnldr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland

Unread postby Dareos » February 16th, 2006, 8:32 pm

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 00:18:14, 17/02/2006
+ Report-Checksum: 5CCEF13A

+ Scan result:

:mozilla.69:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.643:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.644:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.647:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.672:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.674:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.675:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.676:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.677:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.679:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.687:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Jonny\My Documents\Adaware Pro retail edition with crack\keygen.exe -> Adware.WinAD : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.17:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
-> : Error during cleaning
:mozilla.29:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.57:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.81:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.86:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.87:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.88:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.90:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.92:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.96:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.97:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.98:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.99:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.100:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.110:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.122:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.125:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.130:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.131:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.141:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.146:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.147:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.148:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.149:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.150:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.151:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.155:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.158:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.159:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.177:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.180:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.193:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.194:C:\RECYCLER\NPROTECT\00087648.MOZ -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.17:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.57:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.81:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.85:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.87:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.89:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.93:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.94:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.95:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.96:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.97:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.107:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.119:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.122:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.127:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.128:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.138:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.143:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.144:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.145:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.146:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.147:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.148:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.152:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.155:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.156:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.174:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.177:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.190:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.191:C:\RECYCLER\NPROTECT\00087649.MOZ -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.17:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.57:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.81:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.85:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.87:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.89:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.93:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.94:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.95:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.96:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.97:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.107:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.119:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.122:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.127:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.128:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.138:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.143:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.144:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.145:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.146:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.147:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.148:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.152:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.155:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.156:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.174:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.177:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.190:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.191:C:\RECYCLER\NPROTECT\00087959.MOZ -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.17:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.57:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.81:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.85:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.87:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.89:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.93:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.94:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.95:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.96:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.97:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.107:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.119:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.122:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.127:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.128:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.138:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.143:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.144:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.145:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.146:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.147:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.148:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.152:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.155:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.156:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.174:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.177:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.190:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.191:C:\RECYCLER\NPROTECT\00087960.MOZ -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.42:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.53:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.54:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.55:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.60:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.72:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.86:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.87:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.88:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.90:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.92:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.96:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.97:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.98:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.99:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.100:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.110:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.122:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.125:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.130:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.131:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.141:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.146:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.147:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.148:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.149:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.150:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.151:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.155:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.158:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.159:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.177:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.180:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.193:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.194:C:\RECYCLER\NPROTECT\00087962.MOZ -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.27:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.29:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.42:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.53:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.54:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.55:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.60:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.72:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.86:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.87:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.88:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.90:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.92:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.96:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.97:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.98:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.99:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.100:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.110:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.122:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.125:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.130:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.131:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.141:C:\RECYCLER\NPROTECT\00087963.MOZ -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.146:C:\RECYCLER\NPROTECT\00087963.
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland

Unread postby Kimberly » February 16th, 2006, 8:42 pm

Hello

Ouch, that's a big log and it has been cut off. Can you please leave out all C:\RECYCLER\NPROTECT\ items please and post the end of the Ewido log.

Thanks. :)

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby Dareos » February 17th, 2006, 3:36 am

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 00:18:14, 17/02/2006
+ Report-Checksum: 5CCEF13A

+ Scan result:

:mozilla.69:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.643:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.644:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.647:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.672:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.674:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.675:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.676:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.677:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned with backup
:mozilla.679:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.687:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Jonny\Application Data\Mozilla\Firefox\Profiles\cpl7piez.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Jonny\My Documents\Adaware Pro retail edition with crack\keygen.exe -> Adware.WinAD : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup


::Report End


this appears to be all there is that isnt C:\RECYCLER etc
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland

Unread postby Dareos » February 17th, 2006, 3:37 am

oh, and i have no Anti Virus running
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland

Unread postby Kimberly » February 17th, 2006, 12:00 pm

It's important to have an antivirus & firewall :(

Download AVG Free edition:
http://www.grisoft.com/doc/289/lng/us/tpl/tpl01
Or another antivirus solution

Download Zone Alarm Free:
http://www.zonelabs.com/store/content/c ... wnload.jsp
Or another firewall
______________________________

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto ... dwnldr.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab

Close ALL windows and browsers except HijackThis and click Fix Checked
______________________________

Let's go after that winsockdriver

Download WinPFind.zip to your Desktop or to your usual Download Folder.
http://www.bleepingcomputer.com/files/winpfind.php
Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Open the C:\WinPFind folder and double-click on WinPFind.exe.
Click on Configure Scan Options.
Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
Click on the Start Scan button and wait for it to finish.

Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named C:\WinPFind\WinPFind.txt. Please copy that log into your next reply.
______________________________

Download autoruns from here:

http://www.sysinternals.com/Files/Autoruns.zip

Unzip it to its own folder
Open folder and double click "autoruns.exe"
Wait for scan to finish. (it will say "ready" when done)
Click the floppy icon in the toolbar, save log someplace and post results.
______________________________

Using Windows Explorer, go to C:\Windows
Find System.ini
Right click it and select open with...notepad
Make sure "always use selected program to open this kind of file" is UNCHECKED!

Copy and paste results here.

exit system.ini file.
______________________________

Using Windows Explorer, go to C:\Windows
Find Win.ini
Right click it and select open with...notepad
Make sure "always use selected program to open this kind of file" is UNCHECKED!

Copy and paste results here.

exit win.ini file.
______________________________

Copy/paste the following quote box into a new notepad (not wordpad) document.

@ECHO OFF
attrib -r -s -h C:\WINDOWS\system32\winsock2.2.exe
dir %windir%\system32 /a:-d /o:-d > %systemdrive%\files.txt
cls
exit

Save it to he drive root - Local Disk C: - as files.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: files.bat

Locate files.bat in the C:\ folder and double-click it. It will create files.txt, also in C:
Open the file with notepad. Please copy the information in that log for all files dated in the past 30 days here. They will be at the top of the list.
______________________________

Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
______________________________

Please post all the requested info.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby Dareos » February 17th, 2006, 5:02 pm

WinPfind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{1DBF7A14-4E0D-4EC6-9D14-9EBC1A70E4E1} =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSN Search Toolbar Helper = C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Search Toolbar : C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Search Toolbar : C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{F3F77C65-DBA2-B3D3-A740-84398C7583AB} = VcAce :
{6A048BB7-E017-4326-B207-AA996C77BBCB} = :
{E6AE90A4-1B01-47F0-AA78-E6B122E145E9} = :
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Search Toolbar : C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
Jet Detection "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
nwiz nwiz.exe /install
Logitech Utility Logi_MwX.Exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Popup Defender "C:\Program Files\Popup Defender\pd.exe" Minimize
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 17/02/2006 21:01:21
Dareos
Regular Member
 
Posts: 19
Joined: February 10th, 2006, 11:42 am
Location: Scotland
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 597 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware